FTP Server Security
The FTP Server included with Microsoft® Windows® CE .NET is a sample intended to show you how to create networking services that correctly interact and register with Services.exe. The FTP Server sample is also useful for debugging.
The FTP server is included as a teaching tool and is not intended for commercial distribution without further modifications. Security in the FTP sample is very light, and the sample is vulnerable to attack. Microsoft recommends that you carefully review the code and the security needs for the target deployment, and if necessary, enhance the security infrastructure before distributing this feature in a retail product.
Best Practices
Set the User List and Domain variables to prevent hacker attacks
If the FTP Server feature is used without appropriate values set for the User List and Domain variables, the FTP server will be vulnerable to hacker attacks. These variables are not set by default. A hacker needs only to guess the device's password, as it is set in Control Panel, to obtain access to the server.
To prevent such an attack, the user name in the UserList registry value must be set for each of the servers that are currently running. The user will then need to log in with the specified user name and appropriate password to use the server.
You can set the domain variable in the DefaultDomain registry value, which is located under the HKEY_LOCAL_MACHINE\Comm\Redir registry key. Setting the DefaultDomain registry value will require FTP clients to have valid domain credentials to log in. For more information on this registry value, see Redirector Registry Settings.
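The following added example (not part of the original documentation or the sample's code) audits a registry export from a device image and reports whether UserList and DefaultDomain are missing or empty. The FTP server key path is a labelled placeholder because this page does not give it (take the real path from FTP Server Registry Settings), and the sample input is constructed.

```python
import re

REDIR_KEY = r"HKEY_LOCAL_MACHINE\Comm\Redir"      # key named on the page
FTP_KEY = r"HKEY_LOCAL_MACHINE\<FTP server key>"  # placeholder, not a real path

def parse_reg(text):
    """Parse .reg-style text into {KEY: {VALUE_NAME: data}} (names upper-cased)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = re.match(r'"([^"]+)"\s*=\s*(.*)$', line)
        if m is None or current is None:
            continue
        name, data = m.group(1).upper(), m.group(2).strip()
        if data == "-":                   # "name"=- deletes the value
            current.pop(name, None)
        else:
            current[name] = data.strip('"')
    return keys

def audit(text, ftp_key=FTP_KEY):
    """Return the names of the two settings that are missing or empty."""
    keys = parse_reg(text)
    missing = []
    if not keys.get(ftp_key.upper(), {}).get("USERLIST", "").strip():
        missing.append("UserList")
    if not keys.get(REDIR_KEY.upper(), {}).get("DEFAULTDOMAIN", "").strip():
        missing.append("DefaultDomain")
    return missing

# Constructed sample input; value names other than UserList and DefaultDomain are made up.
SAMPLE_DEFAULT = r'''
[HKEY_LOCAL_MACHINE\<FTP server key>]
"ExampleOtherValue"=dword:1
'''
SAMPLE_HARDENED = r'''
[HKEY_LOCAL_MACHINE\<FTP server key>]
"UserList"="ftpoperator"
[HKEY_LOCAL_MACHINE\Comm\Redir]
"DefaultDomain"="EXAMPLEDOMAIN"
'''

if __name__ == "__main__":
    print("default :", audit(SAMPLE_DEFAULT))
    print("hardened:", audit(SAMPLE_HARDENED))
```

Key and value names are compared case-insensitively, and a value that is present but empty is reported the same way as a missing one.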
Default Registry Settings
You should be aware of the registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation.
For FTP Server registry information, see FTP Server Registry Settings.
Ports
The FTP server uses port 21 to receive FTP connections. This value cannot be changed.
See Also
FTP Server Overview | FTP Server Registry Settings
Last updated on Thursday, April 08, 2004
© 1992-2003 Microsoft Corporation. All rights reserved.