From: "Robert Hood, Ph.D." <rhood@mtsu.edu>
I've been advised by security people on my campus to shut down normal ftp and telnet access to my server if possible and to use sftp and ssh for access.
Ah, yes, that is something you are well adviced to do. However, ftp access to Zope is not "normal" ftp access. :-)
I currently sometimes ftp things to zope. I do not have any packages installed that give zope file system access, so I don't really think zope's ftp port would be a security hazard
Quite correct.
(and my own view is that my machine does not have any national security type stuff on it, so that this request may be going a bit far).
Oh, hackers gaining access to secret data is not a very big security problem. The problems are that they use your machine to make attacks on other machines, spread copyrighted data, send spam e-mails, and so on.
Suggestions appreciated.
I'm sure it is possible to implement sftp too, but I would think it is quite a lot of work, for very little gain, so probably you have to do it yourself... Oh, and you can run the ftp on a non-standard port, and your security people probably won't find it. :-)