Outbound port on sockets

Jorgen Grahn grahn+nntp at snipabacken.dyndns.org
Sun Sep 17 10:16:37 CEST 2006


On Thu, 14 Sep 2006 18:21:39 +0200, Fredrik Lundh <fredrik at pythonware.com> wrote:
> bmearns wrote:
...
> (and before you proceed, reading
>
>       http://cr.yp.to/ftp/security.html
>
> is also a good idea.

And RFC1123, and any number of FTP-related RFCs. There's even one fairly
early RFC that encourages everyone to use the PASV command exclusively -- I
still cannot see why he has to mess around with PORT.

> are you 110% sure that you absolutely definitely 
> have to use FTP rather than HTTP/WebDAV or somesuch).

Yeah; quoting RFC1123, from back in 1989:

| Internet users have been unnecessarily burdened for years by deficient
| FTP implementations.  Protocol implementors have suffered from the
| erroneous opinion that implementing FTP ought to be a small and
| trivial task. [---]

It seems to me (with my tiny knowledge of FTP) that if he has problems with
PORT/PASV, that's nothing compared to the difficulty of implementing
different data transfer modes and so on.

On the other hand, implementing FTP is a cool programming project ;-)

/Jorgen

-- 
  // Jorgen Grahn <grahn@        Ph'nglui mglw'nafh Cthulhu
\X/     snipabacken.dyndns.org>  R'lyeh wgah'nagl fhtagn!



More information about the Python-list mailing list