At line 1 changed one line |
Passwords in the user manager can either be stored in DES or SHA mode. SHA mode makes them irreversible. So neither you, nor anyone else can lookup a user's password at a later date. You can also set some restrictions on password length, and how many characters for random passwords. |
Passwords in the user manager can either be stored in DES or hashed using MD5 or SHA mode. MD5/SHA mode makes them irreversible. So neither you, nor anyone else can lookup a user's password at a later date. You can also set some restrictions on password length, and how many characters for random passwords. These are enforced anytime a user changes their password as well. |
At line 5 changed one line |
This tab lets you configure the SSL certificate used by the server. This certificate is used for SSL FTP, and HTTPS. CrushFTP comes by default with a built in self signed certificate. Users will be warned the certificate is not trusted, but after that all data is encrypted. The potential risk is that someone could be running a rogue server using there own self signed certificate and the user wouldn't be able to tell the difference. If this risk is something you are concerned about, you can purchase a certificate from a certificate authority and pay a yearly fee to them to maintain it. You can then specify the certificate here. CrushFTP expects the certificate to be in a Java keystore file and needs the password to access the keystore. If you do nothing and leave these settings at their defaults, SSL will be working. If you make changes, be sure you do so accurately. |
This tab lets you configure the SSL certificate used by the server. This certificate is used for SSL FTP, and HTTPS. CrushFTP comes by default with a built in self signed certificate. Users will be warned the certificate is not trusted, but after that all data is encrypted. CrushFTP expects the certificate to be in a Java keystore file (JKS) or pkcs12 PFX file and needs the password to access the keystore. If you do nothing and leave these settings at their defaults, SSL will be working. If you make changes, be sure you do so accurately. This is the global SSL cert, but you can also specify a SSL cert on individual HTTPS/FTPS ports. Requiring [client certificate]s will block all connections fi the browser doesn't have a client cert already installed that you provided them. |
At line 9 added one line |
If you already have a keystroke, you can check it's contents using the keystore tab. |
At line 10 changed one line |
File based encryption allows you to store files on your drive in a format that cannot be read by anything outside of CrushFTP. The files are encrypted, and are only decrypted if transferred back through CrushFTP using the same key that was used to encrypt them. As the screenshot indicates, you really need to know what you are doing if you plan to use this. If you loose your key, the files all become worthless. |
[attachment|prefs_encryption_keystore.png] |
At line 13 added 3 lines |
|
File based encryption allows you to store files on your drive in a format that cannot be read by anything outside of CrushFTP. The files are encrypted, and are only decrypted if transferred back through CrushFTP using the same key that was used to encrypt them. As the screenshot indicates, you really need to know what you are doing if you plan to use this. If you loose your key, the files all become worthless. There is also a user manager option for this on a per user basis. |
|