Stylus Studio® Developer Network | Contact Us | Email this page

PRODUCTS

TRY

BUY

LEARN

SUPPORT

COMPANY

Cart

[EDI-L Mailing List Archive Home] [Message List] [Reply To This Message] RE: FTP to VAN From: "Shan Harter" <shan@...> Date: Wed Feb 18, 2004  4:33 pm Subject: RE: [EDI-L] FTP to VAN Play the video The issues with FTP are known such as denial of service attacks and may others listed in http://www.rfc-editor.org/rfc/rfc2577.txt (or see it at IETF) The real problem is malicious behavior. Since FTP user ID's and passwords are in the clear its easy to get them. Most of the issues would be someone trying to "hurt" the company in some way. Theft may also occur. Say someone intercepted the passwords then captured some orders worth 1000's or millions and changed the address or the order quantity and directed to a warehouse someone where they picked it up. This is just one of millions of possibilities. I have rarely seen it happen but the possibility is out there. I strongly recommend that you go with an ebXML solution (over SSL) or AS2 (over SSL). Even NAESB 1.6 (with SSL) is better than FTP. Some VAN's support AS2. ebXML is still too new to them, I would imagine, but there are "hubs" that support ebXML as a simple command line client (like ftp) but has the SSL component, and they have the interconnects to other VANs such as GEIS, sterling, etc. The main issues are if you can't encrypt your payload (an order 850, lets say) with GNUPG or some method, then at least encrypt your transmission. Shan Regards, Shan Shan Harter VP of Project Services Systrends, Inc. 7855 S. River Pkwy, Suite 111, Tempe, AZ 85284-2510 Phone 480-756-6777, Fax 480-756-9755 -----Original Message----- From: Epshteyn, Vladimir [mailto: Sent: Wednesday, February 18, 2004 9:06 AM To: Subject: RE: [EDI-L] FTP to VAN We are using FTP (just regular FTP) with QRS (Advantis) and we use it for a while. During last several years we did not have any issues with security and any other major issues at all. Vladimir -----Original Message----- From: Earl Wertheimer [mailto: Sent: Tuesday, February 17, 2004 2:08 PM To: Subject: Re: [EDI-L] FTP to VAN Tracy > For those using ftp to your van, are you worried about security? If > so, what are you doing about it? I am specifically interested in QRS > and Sterling VAN's. We will be using GIS as our translator on a Unix > box. I've never had a client complain about the lack of security... yet. The Trading Partners, WalMart in particular are a whole different story. QRS is supposed to be pretty secure, but I don't have any clients connecting to QRS/Advantis using ftp yet. They are still on dial-up ;-) Sterling just uses straight ftp, and it hasn't been a problem. Earl Wertheimer http://www.spe-edi.com . Please use the following Message Identifiers as your subject prefix: <SALES>, <JOBS>, <LIST>, <TECH>, <MISC>, <EVENT>, <OFF-TOPIC> Access the list online at: http://groups.yahoo.com/group/EDI-L Yahoo! Groups Links [Non-text portions of this message have been removed] . Please use the following Message Identifiers as your subject prefix: <SALES>, <JOBS>, <LIST>, <TECH>, <MISC>, <EVENT>, <OFF-TOPIC> Access the list online at: http://groups.yahoo.com/group/EDI-L Yahoo! Groups Links

Subscribe in XML format RSS 2.0 Atom 0.3

Stylus Studio® and DataDirect XQuery™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2007 All Rights Reserved.