Validate user on FreeBSD

Steven Taschuk staschuk at telusplanet.net
Fri Mar 21 03:52:06 CET 2003


Quoth Dan Nyanko:
> What I have working so far is the client can send a file across the
> link to the server, and it is written into the directory that the
> server program resides in.  I would like to add an authentication step
> that would send it to the valid users home directory, e.g.
> /home/cp_ru/filename.tar.gz

Can't the client just specify a filename of "/home/cp_ru/filename"?

That seems to do more or less what you want, but it points out a
gaping security hole in the server; the client could specify a
filename of, say, "/etc/passwd", which would be bad.  (I assume
the server is running as root so it can bind to port 510.)

Why not just use ftp or sftp?

-- 
Steven Taschuk                                                   w_w
staschuk at telusplanet.net                                      ,-= U
                                                               1 1





More information about the Python-list mailing list