Samba <> Internet file share

David Collier-Brown David.Collier-Brown at
Wed Aug 9 16:09:36 GMT 2000

At 12:42 09/08/00 +1000, Ashley Drees wrote:
>If I were to enable samba on the internet facing side of my system, what 
>security issues would I face.

  As Chris Watt notes, the normal risk is the same as if you were
to run an external ftp server.

  However, Microsoft **strongly** reccomend you not do so because
it exposes a risk in Internet Explorer:  you can convince IE to send
you plain-text passwords via file://server/share URIs.
  They fixed this by introducing semi-encrypted passwords and
a challange-response system in their SMB server.

  for "anonymous ftp" style use, samba is fine, with either
encrypted or plain-text passwords, on a properly secured
server outside your firewall
  for working with shared files that shouldn't be public, use
a vpn of some sort, or use ssh/scopy instead.

--dave (a former professional paranoid)
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at

More information about the samba mailing list