[
https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Niklas Gustavsson closed FTPSERVER-420.
---------------------------------------
Resolution: Fixed
Fix Version/s: 1.1.0
1.0.6
Assignee: Niklas Gustavsson
Fixed in rev 1137251 and 1137252. Thanks for your work on this Allen!
> When picking a passive port, use "random port" from the pool instead of
> "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Assignee: Niklas Gustavsson
> Fix For: 1.0.6, 1.1.0
>
> Attachments: DataConnectionConfigurationFactory.java.diff,
> PassivePorts.java, PassivePorts.java.diff, PassivePortsTest.java
>
>
> As discussed on the mailing list <
> http://www.mail-archive.com/[email protected]/msg01635.html >,
> passive ports are allocated from the pool based on the lowest available port
> from the list. This may cause problems with some firewalls or clients that
> may not release the port as quickly as the server expects. It is also a
> minor security risk to provide an easily guessable port for passive
> connections.
> Discussion on the list centered around other options to allocate ports,
> focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
