Hi!
We are looking at your ftpserver as a way to distribute operation
results, in a (very) secure way.
We've managed to get SSL working, together with certificate based
server, and client side authentication.
One requirement we have is that explicit authentication (AUTH/PROT P) is
used, this is based on the fact that the client doesn't support implicit
authentication.
One thing we now want to do is to only allow a user to read files once
they have set up a fully secured connection, both on the Command (AUTH)
and data (PROT P) channel.
I think I can get quite a way doing this using a ftplet, but I'd
appreciate your thoughts on the best way to do this :)
The FtpSession gives me knowledge on wether the command and data channel
are secured (I hope :) ).
And I can return skip or disconnect from the ftplet in the
onDownloadStart etc. methods (I'd prefer a return value that gives a
unauthorized or so error to the user, but disconnect or skip will
probably suffice).
I've thought about checking on the onLogin too, but that won't work
since PROT P is done after the login (or atleast with the client used).
So, any thoughts ? :)
Cheers!
Jeroen.
