Well, I don't exactly agree with this reasoning.
A man-in-the-middle attack is pretty specific... *and*, in this particular case, impossible to hide, as the attacker cannot send the data to the target server. So, if data shows up on the other server, nobody is listening to it (unless the attacker knows your password on the target server... but then he doesn't need to eavesdrop, does he?).
In other words, CPSV is still better than non-encrypted FXP.
As to the false sense of security... anybody who doesn't understand what they are doing deserves their fate ;-)
Or do I get this all wrong?