On Wed, Sep 9, 2009 at 10:53 AM, Paweł Hajdan Jr. <[email protected]>wrote:
> This is http://code.google.com/p/chromium/issues/detail?id=3073 . I think > it's not so hard to implement it (and probably not so high priority either), > but are there any potential security (or other) problems? Like with PASV, you need to do validation on the IP address. With PORT, when you accept the incoming connection, check that the IP address matches that of the control connection. Otherwise, an attacker could be racing with the real FTP server to send you a fake download. Cheers Chris --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
