Reputation: 43853
Is FTP publishing from Visual Studio 2010 secure?
I noticed some strange activity on a server after I had been using FTP to publish for a few days...
edit: added this to give an example, skip over this quote if you have no idea
Basically when I got back an error message from my app in the form of HTML, my browser was trying to find a favicon at this URL: http://w00tw00t.at.blackhats.romanian.anti-sec/
I am pretty sure that FTP sends passwords in plain text but I wasn't sure if Visual Studio had any other mechanism for securing this, or if I need to set something on the server. Any ideas?
Upvotes: 2
Views: 1698
Answers (2)
Reputation: 113
FTPS is supported in the "Publish Web Site" dialog. Enter the address as ftps rather than ftp or http and if the site is set up for FTPS it should work. What is not supported as I can see is opening a Web site with FTPS rather than plain ftp.
Upvotes: 4
Reputation: 20387
FTP will send your credentials in plain text so in theory, your credentials could have been intercepted and reused in transit. Unfortunately Visual Studio doesn't support SFTP or FTPS so your best bet is to publish from Visual Studio using Web Deploy which will connect over HTTPS if publishing to IIS7.
Upvotes: 3
Related Questions
- FTP Publish Error in Visual Studio 2013
- Visual Studio 2012 partial publish
- FTP Publishing Visual Studio 2013
- ASP.NET Publish FTP Issues
- Publishing in Visual Studio with FTP
- VS2010 FTP Publish from mutliple machines
- Visual Studio keeps asking the FTP password when publishing with ClickOnce
- Is Visual Studio's .Publish.xml safe to be stored in source control?
- How to publish site using Visual Studio 2010 FTP
- Visual studio FTP publish does not close connections?