ID: ruby-security/no-ftp
Language: Ruby
Severity: Info
Category: Security
CWE: 319
The rule “Avoid FTP connections” is a security best practice that discourages the use of the File Transfer Protocol (FTP) for transferring files in your Ruby applications. FTP is a protocol that lacks modern security features such as encryption and is susceptible to numerous types of attacks, including packet capture, spoofing, and brute force attacks.
This rule is important because the use of insecure protocols like FTP can lead to the exposure of sensitive data, such as user credentials or confidential file contents. The lack of encryption means that data transferred via FTP can be easily intercepted and read by unauthorized parties. This can lead to serious security breaches and data loss.
To adhere to this rule and avoid the associated security risks, use secure alternatives to FTP. For instance, you could use SFTP (SSH File Transfer Protocol) or FTPS (FTP Secure), which provide the necessary encryption for data transfers. In Ruby, you can use libraries such as Net::SFTP or Net::FTPS for secure file transfers. Using these alternatives will ensure that your file transfers are securely encrypted and less vulnerable to attacks.
```ruby
require 'net/ftp'

# Non-compliant: block form. Login, listing and download all travel unencrypted.
Net::FTP.open('example.com') do |ftp|
  ftp.login
  ftp.chdir('pub/lang/ruby/contrib')
  files = ftp.list('n*')
  ftp.getbinaryfile('nif.rb-0.91.gz', 'nif.gz', 1024)
end

# Non-compliant: explicit instance, same cleartext session.
ftp = Net::FTP.new('example.com')
ftp.login
ftp.chdir('pub/lang/ruby/contrib')
files = ftp.list('n*')
ftp.getbinaryfile('nif.rb-0.91.gz', 'nif.gz', 1024)
ftp.close
```
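To check a code base for the two call forms shown above, the following added example (not part of the original page and not Datadog's rule implementation) tokenizes Ruby source with the standard library's Ripper and reports `Net::FTP.new` and `Net::FTP.open` calls, ignoring comments, string literals and `Net::SFTP`. The helper name `find_plain_ftp` and the sample source are constructed for illustration.

```ruby
require 'ripper'

# Call forms used in the non-compliant examples on this page.
FLAGGED_METHODS = %w[new open].freeze

# Returns [{ line:, call: }] for each Net::FTP.new / Net::FTP.open call.
def find_plain_ftp(source)
  # Drop whitespace tokens so the five tokens of a call sit side by side.
  # Comments and string bodies have their own token types, so text inside
  # them can never match the :on_const checks below.
  tokens = Ripper.lex(source).reject { |tok| tok[1] == :on_sp }
  findings = []
  tokens.each_cons(5) do |a, b, c, d, e|
    next unless a[1] == :on_const && a[2] == 'Net'
    next unless b[2] == '::'
    next unless c[1] == :on_const && c[2] == 'FTP'
    next unless d[1] == :on_period
    next unless e[1] == :on_ident && FLAGGED_METHODS.include?(e[2])
    findings << { line: a[0][0], call: "Net::FTP.#{e[2]}" }
  end
  findings
end

# Constructed sample input: two real calls, plus look-alikes that must not match.
SAMPLE = <<~'RUBY'
  require 'net/ftp'
  require 'net/sftp'
  # Net::FTP.new('commented.example') is only a comment
  Net::FTP.open('example.com') do |ftp|
    ftp.login
  end
  ftp = Net::FTP.new('example.com')
  puts "Net::FTP.new inside a string"
  Net::SFTP.start('example.com', 'user') { |sftp| sftp.download!('a', 'b') }
RUBY

find_plain_ftp(SAMPLE).each do |f|
  puts "line #{f[:line]}: #{f[:call]} uses unencrypted FTP (CWE-319)"
end
```
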
For more information, please read the Code Analysis documentation