Go Back   FlashFXP Forums > > > >

General Discuss anything and everything related to FlashFXP

 
 
Thread Tools Display Modes
Old 02-19-2003, 08:30 AM   #1
cajoline
Junior Member
 
Join Date: Feb 2003
Posts: 2
Default AUTH TLS: problem with PROT P when not supported by server

Hi.

I just want to mention that I've noticed a problem with the way flashfxp implements the PROT command, as part of the AUTH TLS mechanism.

If you specify you want secure file listing and/or secure file transfers (upload/download), flashfxp sends the 'PROT P' command. However, if the server refuses to negotiate tls on the ftp-data channel, giving any of the following replies, flashfxp doesn't seem to honor/accept this reply.

500 Syntax error, command unrecognized.
504 Command not implemented for that parameter.
534 Request denied for policy reasons.
536 Requested PROT level not supported by mechanism.
537 Command protection level not supported by security mechanism.

What would be expected after such a reply is that the client backs off and reports this to the user, perhaps disconnecting the ftp session too. Or, as a failover, it could revert to 'PROT C'. Even if this would probably break compliance to the standards and even pose security problems, it could be more convenient for the end user.

However, what flashfxp actually seems to do is that it rather ignores the server's reply, and it proceeds to try to negotiate TLS over the ftp-data session.

From my short testing on this with directory lists, I just noticed that some times flashfxp will manage to produce a valid dir list, some times it won't. It seems to do better on smaller ones, but I'm not sure I can be any more specific than that.
cajoline is offline  
Old 02-19-2003, 05:45 PM   #2
Shark
Senior Member
FlashFXP Beta Tester
 
Shark's Avatar
 
Join Date: Oct 2001
Posts: 606
Default

Which build of FlashFXP ?

Which FTP Server & version ?
Shark is offline  
Old 02-19-2003, 08:33 PM   #3
cajoline
Junior Member
 
Join Date: Feb 2003
Posts: 2
Default

I used flashfxp 2.0 build 905. The server is actually a proxy I am working on. It implements AUTH TLS for the control connection, but not for ftp-data, for the time being.

Anyway, I believe this should be relatively easy to confirm or deny if you look in the code.
cajoline is offline  
 

Tags
command, flashfxp, mechanism, prot, tls

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Flash hangs during transfers slatts General Discussion 5 01-14-2005 07:50 PM


All times are GMT -5. The time now is 05:23 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)