On 29 January 2016 at 17:39, mick mbm@rlogin.net wrote:
No you don't. Apache is an unnecessary resource hog. I gave up using it over decade ago. I use lighttpd for all my web services.
Fair point, s/Apache/web server/g in my previous email.
Actually Apache isn't the resource hog it used to be either, at least not when using mpm-event (which to be fair isn't the default).
However it's all still an overhead compared with logging in via SSH and hand editing text-based config files, and there's no reason why a GUI couldn't run on an admin's desktop and remotely "hand-edit" those files for him/her, thus removing that overhead.
Also: +1 for SFTP. You really don't want vanilla FTP passing credentials in the clear.
I'd say you don't want anything that you care about sent in the clear, or protected by anything sent in the clear. However in a situation where the data isn't valuable and the user/pass can't get anywhere beyond that data the issue is less important. As a preference I'm always going to go for SFTP over FTP but the "spec" is that the end user should be able to download via FTP, which might include an automated download using something that can't cope with SFTP. It does mean that having a secure FTP server matters though (ie I need confidence that an FTP user cannot access anything beyond that data), and I also don't plan on having anything else on that server. Note that those users only have read access anyway.
I think gFTP is a good gui client for linux/OSX
FileZilla isn't bad either, and being cross-platform means I can provide a level of support for it on Windows despite using it on Linux myself. And it supports SFTP just fine, but I can't mandate it's use so can't restrict to SFTP.