|
|
We think about your security
In order to be able to log in on your ftp server, web2ftp must know your ftp password. This password is transferred
from your browser to web2ftp and from there to your ftp server. An encrypted transmission of your server data to web2ftp
(and the server reply back to you) is possible with the SSL Login. This is no different from any other FTP client and is
thereby no characteristic of web2ftp..
For technical reasons web2ftp needs your ftp password with each ftp command you execute, therefore web2ftp stores your
password for the duration of the session locally. This has the advantage that your password does not need to be sent
continuously between your browser and web2ftp. The password is stored in a file inaccessible to the public, and totally
unrelated to your username. Additionally the password is encrypted by DES with a public and private key. If someone gets
access to this file (which is nearly impossible) and decodes the password, your password is nevertheless worthless to him.
The connection between password and user name is made by a session ID, which is put in hidden HTML fields together with
the server data. The stored password can be only used, if both the randomly produced session ID and the user name are known.
This information is only known by you!
The password file is deleted together with the session ID when you press the Logout Button. This guarantees that the browser's
or any proxy's cached copies of the HTML pages cannot be used any longer. If you forget to logout your password file is deleted
automatically after 60 minutes of inactivity! Files downloaded by the ftp server are transferred automatically by web2ftp to your
computer. Only you have access to these files as there is an htaccess file that limits the access to your IP address. If another
internet user should know the name and the directory of the downloaded file (which is highly improbable), the download attempt
would fail as their IP would get rejected
Of course we do not store any personal data. Activity-related data is stored only for statistics purposes and deleted after the
regular evaluation. Of course we will keep this data secret. Again it is pointed out that all passwords are deleted after their
use! With web2ftp it is neither necessary nor possible to register and store personal data. Therefore abuse of such data is
generally impossible!
If you should have further questions or doubts concerning the security of your data, please mail to
to info@web2ftp.com
|
|
|
