[
https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13051323#comment-13051323
]
Niklas Gustavsson commented on FTPSERVER-420:
---------------------------------------------
I've reviewed the patch and think it's very good. Still making some very minor
changes before I will commit it.
> When picking a passive port, use "random port" from the pool instead of
> "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff,
> PassivePorts.java, PassivePorts.java.diff, PassivePortsTest.java
>
>
> As discussed on the mailing list <
> http://www.mail-archive.com/[email protected]/msg01635.html >,
> passive ports are allocated from the pool based on the lowest available port
> from the list. This may cause problems with some firewalls or clients that
> may not release the port as quickly as the server expects. It is also a
> minor security risk to provide an easily guessable port for passive
> connections.
> Discussion on the list centered around other options to allocate ports,
> focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
