- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: php-security/avoid-using-ftp
Language: PHP
Severity: Error
Category: Security
CWE: 319
Avoid FTP (File Transfer Protocol) unless it is used with SSL (Secure Sockets Layer). FTP is a standard network protocol used for the transfer of computer files between a client and server on a computer network. However, FTP is inherently insecure as it does not encrypt the data being transmitted, which can lead to potential data breaches.
Without SSL, data transferred over FTP can be intercepted and read by anyone who is able to access the network. This includes sensitive information like usernames, passwords, and personal data.
Always use ftp_ssl_connect
instead of ftp_connect
when establishing a connection to an FTP server in PHP. This ensures that the connection is encrypted with SSL. If ftp_ssl_connect
is not available or the server does not support FTPS, consider using SFTP (SSH File Transfer Protocol) or other secure methods of file transfer.
<?php
$conn = ftp_connect($host);
$login = ftp_login($conn, $username, $password);
<?php
$conn = ftp_ssl_connect($host);
assertType('Illuminate\Database\Eloquent\Collection<int, Illuminate\Types\Relations\Address>', $user->address()->get());
|
|
For more information, please read the Code Analysis documentation
Identify code vulnerabilities directly in yourVS Code editor
Identify code vulnerabilities directly inJetBrains products