Go Back   FlashFXP Forums > > > >

ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Reply
 
Thread Tools Rate Thread Display Modes
Old 10-05-2004, 05:43 AM   #1
esmandil
Senior Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Oct 2004
Posts: 107
Default Encrypting directory listings but allowing fxp transfers

Hello,

I would like to make sure directory listings are sent only over encrypted data channel. On the other hand, I need my server to do FXP transfers, so requiring encrypted data connection all the time doesn't work.

It has occurred to me that what I really want is to allow LIST command over protected data channel only, while allowing STOR and RETR over unprotected data channel as well. This should work, right? Or is there anything more I need to worry about?

I don't think it can be done right now, though. I can use [FTP_Pre-Command_Events] to control access to LIST command, but there is (as far as I know) no way to check whether current connection is encrypted or not.

May I ask for a new cookie, maybe? Or a flag? One which would tell the state of control connection (no auth, ssl, tls etc) and state of data connection (clear or private)?

I am new to ioFTPD, so it is quite possible that there is an easier way of doing what I want to do... Does anybody have any idea?
esmandil is offline   Reply With Quote
Old 10-05-2004, 06:10 AM   #2
Rusher
Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Oct 2004
Posts: 57
Default

in ioFTPD.ini
at the line
Require_Encrypted_Data = !-user !-user *

when there is no ssl/tls available its not requierd. and when there is it will use it.

so add the users there that you dont want to force ssl/tls on.
Rusher is offline   Reply With Quote
Old 10-05-2004, 09:39 AM   #3
esmandil
Senior Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Oct 2004
Posts: 107
Default

Thanks, but that's not what I need. I want to require ssl on LIST *for all users* and allow clear text on STOR / RETR *for all users* as well.
esmandil is offline   Reply With Quote
Old 10-05-2004, 10:30 AM   #4
Rusher
Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Oct 2004
Posts: 57
Default

try

Require_Encrypted_Data = !*

or that might just disable list also. dont know =) good luck.
Rusher is offline   Reply With Quote
Old 10-06-2004, 05:29 AM   #5
esmandil
Senior Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Oct 2004
Posts: 107
Default

Yes, Require_Encrypted_Data = !* allows LIST over non-encrypted data connection as well.

Right now the best thing I have is to disallow LIST command completely, forcing people to use STAT -L to get directory listing over control connection.
esmandil is offline   Reply With Quote
Old 10-06-2004, 07:38 PM   #6
Mouton
Posse Member
Ultimate Scripter
ioFTPD Administrator
 
Join Date: Dec 2002
Posts: 1,956
Default

Not only the best way to do it; also the only way to do it.
Mouton is offline   Reply With Quote
Old 10-07-2004, 06:09 AM   #7
esmandil
Senior Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Oct 2004
Posts: 107
Default

OK, thanks, good to know :-)
esmandil is offline   Reply With Quote
Reply

Tags
channel, connection, data, encrypted, fxp

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 04:59 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)