How to encrypt credentials while connecting to FTP using Indy?

Question

Recently I noticed in WireShark I could see my FTP username/password that I used for connection to my FTP Server to upload a file (Delphi 6 with Indy 9 or 10, I belive). I would like to prevent that by encrypting the password but I am not sure where to start.

What would you suggest to prevent a hacker from gaining the credentials ? Please no components (even free ones) or anything that cost money.

Answer 1

In pure FTP protocol, you have no means to encrypt anything, so the credentials travel as a plain text and the files, list, etc travel unencrypted to/from the server.

If your sever supports FTPS, which is a plain normal FTP session over a SSL encrypted connection, you can do it using the same TIdFTP object you're using, but changing the default IO handler to a SSL capable one, for example, an instance of TIdSSLIOHandlerSocketOpenSSL, which does the encryption using the popular OpenSSL library.

In code it looks like:

var
  ftp: TIdFTP;
  ssl: TIdSSLIOHandlerSocketOpenSSL;
begin
  ftp := TIdFTP.Create();
  try
    ssl := TIdSSLIOHandlerSocketOpenSSL.Create(ftp);
    ftp.IOHandler := ssl;
    ftp.Host := 'ftp.myserver.com';
    ftp.Username := 'myuser';
    ftp.Password := 'mypass';
    ftp.Connect;
    DoWhateverYouWantToDoWithThe(ftp);
    AndUploadMoreFiles(ftp);
    ftp.Disconnect;
  finally
    ftp.Free;
  end;
end;