最近我在 WireShark 中注意到我可以看到我用于连接到我的 FTP 服务器以上传文件的 FTP 用户名/密码(我相信 Delphi 6 和 Indy 9 或 10)。我想通过加密密码来防止这种情况,但我不知道从哪里开始。
你会建议什么来防止黑客获得凭据?请不要使用任何组件(即使是免费的)或任何花钱的东西。
问问题
3050 次
1 回答
6
In pure FTP protocol, you have no means to encrypt anything, so the credentials travel as a plain text and the files, list, etc travel unencrypted to/from the server.
If your sever supports FTPS, which is a plain normal FTP session over a SSL encrypted connection, you can do it using the same TIdFTP object you're using, but changing the default IO handler to a SSL capable one, for example, an instance of TIdSSLIOHandlerSocketOpenSSL, which does the encryption using the popular OpenSSL library.
In code it looks like:
var
ftp: TIdFTP;
ssl: TIdSSLIOHandlerSocketOpenSSL;
begin
ftp := TIdFTP.Create();
try
ssl := TIdSSLIOHandlerSocketOpenSSL.Create(ftp);
ftp.IOHandler := ssl;
ftp.Host := 'ftp.myserver.com';
ftp.Username := 'myuser';
ftp.Password := 'mypass';
ftp.Connect;
DoWhateverYouWantToDoWithThe(ftp);
AndUploadMoreFiles(ftp);
ftp.Disconnect;
finally
ftp.Free;
end;
end;
于 2012-12-18T23:46:20.150 回答