A security note about ftp and CushyCMS

In my first look at CushyCMS on Monday, I mentioned that “personal site already had ftp access set up the way CushyCMS expected to see it.” This raises an issue that I chose to skip in the interest of brevity. A reader with a Web-based financial application has questioned me about it in email, so it seems worthwhile to discuss it here.

As you probably know, ftp is an ancient protocol by Internet standards. Many Web hosts offer password-protected ftp as the primary way you can upload content to your Web site. Some other Web hosts don’t allow it at all, on the grounds that it is insecure because it sends passwords over the wire in plain text. These hosts usually offer at least one of the following alternatives: ftp access only over a secure VPN; sftp (secure ftp) access; access via FrontPage extensions; and WebDAV access.

For a Web-based financial application, opening up password-protected ftp access to the whole site would be a really bad idea: it could potentially compromise the security of users’ financial information. On the other hand, opening up password-protected ftp access to a subdirectory of the site that contains only publicly available material could be OK.

That’s certainly what I would do if I had a Web-based financial application and wanted to give a content editor access to a news page via CushyCMS: I’d put the news page in a subdirectory that had no sensitive information, create a password-protected ftp instance that accessed only that subdirectory, and then establish a CushyCMS connection to that ftp instance.

How do you feel about secure editing of Web content? What’s your preferred access method, and why do you prefer it?