1

I want to use ClickOnce to publish my application (because I haven't found any other solution that is as simple and well integrated in the IDE).

I have set up a website to publish my application to, where users will download it from. My understanding is that the only method available for publishing ClickOnce is over FTP. I have read that with FTP, your password can be "intercepted".

What does this mean exactly? Can anyone, anywhere on the internet see your password? Or would they have to be on your local network? Basically - how could someone, theoretically, gain access to my FTP account, and how much of a risk is it of happening?

Rotem
  • 21,452
  • 6
  • 62
  • 109
William
  • 3,335
  • 9
  • 42
  • 74

1 Answers1

2

The password using FTP protocol is transmitted in "opened" format and can be catched using sniffer. Use ssl / sftp. Publish your site to folder and then use another ftp client like winscp

Boris Gappov
  • 2,483
  • 18
  • 23
  • My website hosting company (register.com) does not provide SFTP as far as I can tell - what are my other options? Also - when you say "using a sniffer" - what does that mean? How do they intercept the packets between my network and my web hosting company's? – William Dec 04 '12 at 15:01
  • 1
    Your hosting is likely to have the option allow ftp connections only from one defined ip. You can deny all ftp connections, but web site can download update from another server, where ftp is allowed. And i found this article about sniffers http://www.irongeek.com/i.php?page=security/AQuickIntrotoSniffers – Boris Gappov Dec 04 '12 at 15:29