[
https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Allen Firstenberg updated FTPSERVER-420:
----------------------------------------
Description:
As discussed on the mailing list <
http://www.mail-archive.com/[email protected]/msg01635.html >,
passive ports are allocated from the pool based on the lowest available port
from the list. This may cause problems with some firewalls or clients that may
not release the port as quickly as the server expects. It is also a minor
security risk to provide an easily guessable port for passive connections.
Discussion on the list centered around other options to allocate ports,
focusing on a random port assignment from the available pool.
was:
As discussed on the mailing list
<http://www.mail-archive.com/[email protected]/msg01635.html>,
passive ports are allocated from the pool based on the lowest available port
from the list. This may cause problems with some firewalls or clients that may
not release the port as quickly as the server expects. It is also a minor
security risk to provide an easily guessable port for passive connections.
Discussion on the list centered around other options to allocate ports,
focusing on a random port assignment from the available pool.
> When picking a passive port, use "random port" from the pool instead of
> "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff,
> PassivePorts.java, PassivePorts.java.diff, PassivePortsTest.java
>
>
> As discussed on the mailing list <
> http://www.mail-archive.com/[email protected]/msg01635.html >,
> passive ports are allocated from the pool based on the lowest available port
> from the list. This may cause problems with some firewalls or clients that
> may not release the port as quickly as the server expects. It is also a
> minor security risk to provide an easily guessable port for passive
> connections.
> Discussion on the list centered around other options to allocate ports,
> focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
