Re: FTP to VAN

Shan makes a good point--anything other than open (unprotected) FTP is
necessary.
I am surprised to hear that a reputable VAN like QRS/Advantis would allow the
use of open FTP for EDI exchanges! That would appear to expose the VAN to
high liabilities. I am wondering why a manager at any VAN or major business
site would ignore the well known security vulnerabilities of open FTP and
agree to its long-term, regular use for such high-value transactions? Am I
missing something?
Bob Frank
Open Commerce SAFExchange Services
Pleasanton, CA
----- Original Message -----
From: "Shan Harter" <
To: "'Epshteyn, Vladimir'" <
<
Sent: Wednesday, February 18, 2004 8:33 AM
Subject: RE: [EDI-L] FTP to VAN
> The issues with FTP are known, such as denial of service attacks and many
> others listed in
> http://www.rfc-editor.org/rfc/rfc2577.txt (or see it at IETF)
>
> The real problem is malicious behavior. Since FTP user IDs and passwords
> are in the clear it's easy to get them. Most of the issues would be someone
> trying to "hurt" the company in some way. Theft may also occur. Say someone
> intercepted the passwords then captured some orders worth 1000's or millions
> and changed the address or the order quantity and directed to a warehouse
> somewhere where they picked it up.
>
> This is just one of millions of possibilities. I have rarely seen it happen
> but the possibility is out there.
>
> I strongly recommend that you go with an ebXML solution (over SSL) or AS2
> (over SSL). Even NAESB 1.6 (with SSL) is better than FTP. Some VANs support
> AS2. ebXML is still too new to them, I would imagine, but there are "hubs"
> that support ebXML as a simple command line client (like ftp) but has the
> SSL component, and they have the interconnects to other VANs such as GEIS,
> Sterling, etc.
>
> The main issues are if you can't encrypt your payload (an order 850, let's
> say) with GNUPG or some method, then at least encrypt your transmission.
>
> Shan
> Regards,
>
> Shan
>
>
> Shan Harter
> VP of Project Services
> Systrends, Inc.
> 7855 S. River Pkwy, Suite 111, Tempe, AZ 85284-2510
> Phone 480-756-6777, Fax 480-756-9755
>
> -----Original Message-----
> From: Epshteyn, Vladimir [mailto:
> Sent: Wednesday, February 18, 2004 9:06 AM
> To:
> Subject: RE: [EDI-L] FTP to VAN
>
>
> We are using FTP (just regular FTP) with QRS (Advantis) and have been using
> it for a while. During the last several years we did not have any issues
> with security and any other major issues at all.
>
> Vladimir
>
> -----Original Message-----
> From: Earl Wertheimer [mailto:
> Sent: Tuesday, February 17, 2004 2:08 PM
> To:
> Subject: Re: [EDI-L] FTP to VAN
>
> Tracy
>
> > For those using ftp to your van, are you worried about security? If
> > so, what are you doing about it? I am specifically interested in QRS
> > and Sterling VAN's. We will be using GIS as our translator on a Unix
> > box.
>
> I've never had a client complain about the lack of security... yet.
> The Trading Partners, WalMart in particular are a whole different story.
>
> QRS is supposed to be pretty secure, but I don't have any clients connecting
> to QRS/Advantis using ftp yet. They are still on dial-up ;-)
>
> Sterling just uses straight ftp, and it hasn't been a problem.
>
> Earl Wertheimer
>
> http://www.spe-edi.com
>
> Please use the following Message Identifiers as your subject prefix:
> <SALES>, <JOBS>, <LIST>, <TECH>, <MISC>, <EVENT>, <OFF-TOPIC>
> Access the list online at: http://groups.yahoo.com/group/EDI-L
>
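
A defensive check for the point raised in the thread (FTP credentials travel in the clear; at least encrypt the transmission), added here as an example and not part of any poster's message. It audits client-side FTP session logs and flags credentials sent before a successful `AUTH TLS` (RFC 4217) and transfers made without `PROT P`; the log format, host, user and file names are constructed assumptions.

```python
# Constructed client-side session logs ("C:" command sent, "S:" server reply).
# Host, user, password and file names are made up for this example.
PLAIN = [
    "S: 220 ftp.van.example ready",
    "C: USER acme_edi", "S: 331 Password required",
    "C: PASS constructed-secret", "S: 230 Logged in",
    "C: STOR po850_0001.edi", "S: 226 Transfer complete",
]
# Client asked for TLS, server refused, client carried on in the clear.
REFUSED = PLAIN[:1] + ["C: AUTH TLS", "S: 502 Command not implemented"] + PLAIN[1:]
# TLS negotiated before login, data channel protected before the transfer.
PROTECTED = (
    PLAIN[:1]
    + ["C: AUTH TLS", "S: 234 Proceed with negotiation"]
    + PLAIN[1:5]
    + ["C: PBSZ 0", "S: 200 OK", "C: PROT P", "S: 200 Data channel protected"]
    + PLAIN[5:]
)

DATA_CMDS = {"STOR", "RETR", "APPE", "LIST", "NLST"}


def audit_session(lines):
    """Return findings for one session: cleartext logins and unprotected transfers."""
    findings = []
    tls = prot_p = False
    pending = None  # last client command still waiting for its reply
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            pending = (verb, arg.strip().upper())
            if verb in ("USER", "PASS") and not tls:
                findings.append(f"{verb} sent before AUTH TLS (cleartext credential)")
            elif verb in DATA_CMDS and not prot_p:
                findings.append(f"{verb} with unprotected data channel")
        elif side == "S" and pending:
            code = text[:3]
            # Only the server's 234 reply means TLS is actually in effect.
            if pending[0] == "AUTH" and code == "234":
                tls = True
            elif pending == ("PROT", "P") and code == "200" and tls:
                prot_p = True
            pending = None
    return findings
```

The `REFUSED` log shows why the reply code matters: a client that sends `AUTH TLS` but continues after a refusal still exposes the user ID, password and order file.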