I have two security questions:

1. I want to send a file to an ftp server using cURL. The ftp server
(Serv-U) will accept SSL connections and generates it's own private
certificate. I contacted Serv-U to determine if the cert had a file
name so I could make a copy of it to use with cURL but was told there
was not a file that "it just accepts SSL connections".

I tested sending a file it was transferred to Serv-U with and without
the -k switch without a problem.

I checked the logs on the ftp server and there is nothing to tell me
that SSL was used. Is there anyway to tell from the cURL side?

Is there a way to be confident that this file is being securely
transferred?

2. I also used cURL to connect to an HTTPS server and download a file or
two. The HTTPS server required a uid and pwd in encrypted using Base64
Encoding. I accomplished this by using the coded text in the -u
parameter and it worked just fine.

I pretty sure (correct me if I'm wrong) that uid and pwd are always sent
clear-text since the logon takes place before the SSL handshake takes
place. Is there some sort of standard encryption that can be used for
uid and pwd?

Daniel: I'm really enjoying using your program; it's a great piece of
code. It won't be retirement-time but I will hit you with paypal real
soon. Thanks again. -Carter

-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
Received on 2003-06-24