This discussion is archived
3435 Views 4 Replies Latest reply: Jun 27, 2008 1:49 AM by Graham Perrin
Email is less secure because the complete message is bounced around from server to server. Anyone with access to any of those servers can read the entire thing without much effort. To reconstruct a file from an AFP transmission they'd have to capture every packet and care enough about spying on you to spend the time piecing it together.
Your password on the other hand could be sniffed out if sent as clear text, but I don't believe AFP does that by default in Leopard.Several, Mac OS X (10.5.2)
I'm frankly not sure what exactly gets encrypted when you connect via AFP. To make an ssh tunnel you use ssh with -L switch.
First you open an ssh tunnel:
ssh –L 7777:localhost:548 email@example.com
this will make a tunnel from port 7777 on your computer (that number can be changed at will) to the port 548 on the remote computer (that's what AFP uses).
Then when you use connect to server command in finder you enter
afp://localhost:7777Mac Pro 3.2 GHz, Mac OS X (10.5.3), Mac Pro 2.66GHz, powerbook G4 1.5GHz
Thanks for the info. I am not ultra concerned about the actual data being intercepted (the data itself is rather insignificant), but I do want to ensure the security of both computers and make sure that any user names or passwords exchanged in the authentication process are encrypted.MacBook Pro, Mac OS X (10.5.3)
data encrypted with the session key is secure while in transit
Diffie-Hellman key exchange is supported by Apple Filing Protocol (AFP) version 3.1 and later and by Apple’s Secure Transport API.
etc..Xserve, Other OS, Mac OS X Server 10.5.3