HiTmE: I've thought about encryption at the file level but it's tricky. First off, I strongly suggest anyone interested in encryption do what o_dog suggests and create a small truecrypt container and just put the entire configuration inside. This is much better because it also protects the userfiles. You can also encrypt the drives with data, but given the really low bandwidth of the ioFTPD directory itself there is no reason not to at least do that. You could also enable NTFS encryption on top and adjust the permissions so no system services can view/index stuff.
The primary problem with internal file encryption is how many things it would break that rely on reading the logfiles. Every bot, for instance, relies on ioFTPD.log. At some point in the future perhaps ioYil will get information via a pipe or something, but for the moment it's just not going to happen.
On the other hand, with the IP/host masking features and the Hide_Xfer_Host option there should be no IP addresses in the files if you configure it that way. Thus encrypting the userfiles makes more sense. However, I'm sure I can't do better than truecrypt at protecting data so it just makes more sense to encrypt a small filesystem.
|