strange solution with ftplib and changed firewall rules

PiErre siggy2 at supereva.it
Tue Feb 4 04:15:57 EST 2003


Andrew Bennetts <andrew-pythonlist at puzzling.org> wrote in message news:<mailman.1044019465.26635.python-list at python.org>...
> On Fri, Jan 31, 2003 at 12:36:59AM -0800, PiErre wrote:
[..snip RE: FTP firewall problems..]
> 
> > Since it seems that quite all the firewalls in the world allow passive
> > connections if any should I warn my customer that he could have
> > a security problem?
> 
> If you're using FTP, regardless of firewalls and active or passive mode, you
> probably have a security problem, as it transmits everything, including
> authentication details, in the clear.
Since it will soon become an anonymous ftp (ftpd on FreeBSD),
that's not the main issue.
But, if I'm not wrong (I'm not a guru so, please, be patient),
I read that in an active ftp session, after the client connects to the
server, the server itself tries to open a channel to the client to
send/receive data;
if the ftp client is behind a firewall that is generally not allowed,
so normally a passive connection is preferred (and this can explain why
passive connection has recently become the standard mode for ftplib):
after the client connects to the server, the server itself stands in a
passive state, waiting for the client to open the second channel for
data transfer.
My situation is: the ftp client of my customer is behind his firewall,
whose "strange" policy allows the ftp server to open back the data channel
to the ftp client (my python application).
Is this a security issue for my customer's firewall?
Thanks again to all NG for your support
bye,
   PiErre
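
Added example, not part of the original post: a small parser that reads an FTP control-channel transcript and reports, from the client firewall's point of view, whether each announced data channel is an inbound connection (active mode, the client listens) or an outbound one (passive mode, the server listens). It goes beyond the post by also handling the RFC 2428 EPRT/EPSV forms; the function names, the transcript and its addresses are constructed for illustration.

```python
import re

# Control-channel messages that announce where the data connection will go.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
EPRT_RE = re.compile(r"^EPRT \|[12]\|([^|]+)\|(\d+)\|\s*$")
EPSV_RE = re.compile(r"^229 .*\(\|\|\|(\d+)\|\)")


def _endpoint(fields):
    """h1,h2,h3,h4,p1,p2 -> (ip, port); the port is p1 * 256 + p2."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("address/port field out of range: %r" % (fields,))
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_channels(control_lines, server_ip):
    """One entry per announced data channel, seen from the client's firewall."""
    found = []
    for line in control_lines:
        if m := PORT_RE.match(line):        # active: client listens
            ip, port = _endpoint(m.groups())
            found.append(("active", "inbound", ip, port))
        elif m := EPRT_RE.match(line):      # active, RFC 2428 form
            found.append(("active", "inbound", m.group(1), int(m.group(2))))
        elif m := PASV_RE.match(line):      # passive: server listens
            ip, port = _endpoint(m.groups())
            found.append(("passive", "outbound", ip, port))
        elif m := EPSV_RE.match(line):      # passive, reply carries only a port
            found.append(("passive", "outbound", server_ip, int(m.group(1))))
    return found


# Constructed control-channel transcript (documentation addresses, not real hosts).
SESSION = [
    "USER anonymous", "331 Guest login ok", "PASS guest@", "230 Logged in",
    "PASV", "227 Entering Passive Mode (192,0,2,10,195,80)", "RETR a.txt",
    "PORT 198,51,100,7,19,137", "200 PORT command successful", "RETR b.txt",
    "EPSV", "229 Entering Extended Passive Mode (|||50001|)", "NLST",
]

if __name__ == "__main__":
    for mode, direction, ip, port in data_channels(SESSION, "192.0.2.10"):
        print(f"{mode:8} data channel: {direction} TCP to {ip}:{port}")
```

Every "inbound" entry is a port on the client that the firewall has to accept a connection on from the FTP server, which is the policy the post calls "strange".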



