4

最近我在 WireShark 中注意到我可以看到我用于连接到我的 FTP 服务器以上传文件的 FTP 用户名/密码(我相信 Delphi 6 和 Indy 9 或 10)。我想通过加密密码来防止这种情况,但我不知道从哪里开始。

你会建议什么来防止黑客获得凭据?请不要使用任何组件(即使是免费的)或任何花钱的东西。

4

1 回答 1

6

In pure FTP protocol, you have no means to encrypt anything, so the credentials travel as a plain text and the files, list, etc travel unencrypted to/from the server.

If your sever supports FTPS, which is a plain normal FTP session over a SSL encrypted connection, you can do it using the same TIdFTP object you're using, but changing the default IO handler to a SSL capable one, for example, an instance of TIdSSLIOHandlerSocketOpenSSL, which does the encryption using the popular OpenSSL library.

In code it looks like:

var
  ftp: TIdFTP;
  ssl: TIdSSLIOHandlerSocketOpenSSL;
begin
  ftp := TIdFTP.Create();
  try
    ssl := TIdSSLIOHandlerSocketOpenSSL.Create(ftp);
    ftp.IOHandler := ssl;
    ftp.Host := 'ftp.myserver.com';
    ftp.Username := 'myuser';
    ftp.Password := 'mypass';
    ftp.Connect;
    DoWhateverYouWantToDoWithThe(ftp);
    AndUploadMoreFiles(ftp);
    ftp.Disconnect;
  finally
    ftp.Free;
  end;
end;
于 2012-12-18T23:46:20.150 回答