问题
My application downloads files from an FTP server.
Using a packet sniffer I can see the user name and password easily, I would like to have this avoided.
I can't make an FTP account with limited privileges ATM.
How do I know if the server supports SSL? (Apache 2.x.x)
Any other way to hide user : pass of FTP account?
回答1:
If you want to see if a FTP server supports FTPS in explicit mode (RFC 2228, RFC 4217), then send an AUTH TLS. If it replies with a 5xx error code, then it doesn't; if it replies with a 234, then it does and your client should react appropriately (which, for a RFC 4217 compliant server, means doing a standard TLS handshake).
Unfortunately the WinInet API doesn't let you do this, so you might want to look at libcurl, which supports FTPS out of the box.
来源:https://stackoverflow.com/questions/12019819/c-win32-the-basics-of-ftp-security-and-using-ssl