Security |
Users must log on in order to gain access to the FTP server. The IIS 5.0 FTP services can use the Windows account database to authenticate users logging on. However, all FTP transmissions are in clear text, thus exposing user names and passwords, as seen in the following figures.
In order to eliminate exposed passwords, you can configure your FTP server to permit anonymous logons. This type of logon requires the user to type “anonymous” as the user name and the user’s Internet e-mail address as the password. Anonymous users can gain access to files under the IUSR_computername account.
You can also allow anonymous-only logons to the FTP service. Anonymous-only logons are useful because they prevent real passwords from being revealed on a public network. In IIS 5.0, the FTP service is configured for anonymous-only access by default.