How to encrypt credentials when connecting to FTP using Indy?

Question

How to encrypt credentials when connecting to FTP using Indy?

I recently noticed that in WireShark I could see my FTP username / password, which I used to connect to an FTP server to upload a file (Delphi 6 with Indy 9 or 10, I believe). I would like to prevent this by encrypting the password, but I'm not sure where to start.

What do you suggest to prevent a hacker from getting credentials? Please, no components (even free) or anything that costs money.

+4

delphi ftp delphi-6 indy

user0 Dec 18 '12 at 22:19

source share

1 answer

jachguate · Accepted Answer · 2012-12-18T23:46:20+0000

In the pure FTP protocol, you don’t have the means to encrypt anything, so the credentials are moved like plain text, and the files, list, etc. move in unencrypted form to / from the server.

If your server supports FTPS, which is a normal regular FTP session over an SSL-encrypted connection, you can do this using the same TIdFTP object that you use, but change the default IO handler to SSL-compatible, for example, an instance of TIdSSLIOHandlerSocketOpenSSL, which performs encryption using the popular OpenSSL library.

In code, it looks like this:

var ftp: TIdFTP; ssl: TIdSSLIOHandlerSocketOpenSSL; begin ftp := TIdFTP.Create(); try ssl := TIdSSLIOHandlerSocketOpenSSL.Create(ftp); ftp.IOHandler := ssl; ftp.Host := 'ftp.myserver.com'; ftp.Username := 'myuser'; ftp.Password := 'mypass'; ftp.Connect; DoWhateverYouWantToDoWithThe(ftp); AndUploadMoreFiles(ftp); ftp.Disconnect; finally ftp.Free; end; end;

How to encrypt credentials when connecting to FTP using Indy?

More articles: