On Wed, Aug 6, 2008 at 7:09 PM, Jeroen Cranendonk <[EMAIL PROTECTED]> wrote: > One thing we now want to do is to only allow a user to read files once they > have set up a fully secured connection, both on the Command (AUTH) and data > (PROT P) channel. > I think I can get quite a way doing this using a ftplet, but I'd appreciate > your thoughts on the best way to do this :) > The FtpSession gives me knowledge on wether the command and data channel are > secured (I hope :) ). > And I can return skip or disconnect from the ftplet in the onDownloadStart > etc. methods (I'd prefer a return value that gives a unauthorized or so > error to the user, but disconnect or skip will probably suffice).
Yes, that sounds like a good option. We have previously had a request for FtpServer to have an option to check this on it own. That is, you would configure the server to disallow any further action until AUTH and PROT has been sent from the client. Please tell us if you think this would be beneficial in your case. As for using Ftplets, it's currently not all that simple to detect that the control socket is secure, we should maybe add a isSecure() to allow checking that. What do you think? /niklas
