On 14/09/2010 18:50, Sai Pullabhotla wrote:
> While this should work with most clients, there is still a need to
> just secure authentication process (especially the user name and
> password). Once the authentication is finished, a client might want to
> switch back to plain old FTP if there is no
While this should work with most clients, there is still a need to
just secure authentication process (especially the user name and
password). Once the authentication is finished, a client might want to
switch back to plain old FTP if there is no confidential data. So
having an option or two on the
On 14 September 2010 16:47, Dave Roberts wrote:
>
> Given that you want to impose the use of SSL, can you not make use
> of the implicit SSL option on a single listener instance? As far as
> I know, most clients that support SSL, support both implicit and
> explicit modes.
>
I see implicit SSL a
On 14/09/2010 16:37, John Hartnup wrote:
> The implication, then, is that this is a niche behaviour that would be best
> implemented in an ftplet, and not something that be available all the time,
> to be configured in the element?
Given that you want to impose the use of SSL, can you not make us
A future release could have a setting on the listener to force a
secure session. You might want to open a case in JIRA for this. I
think this would be a good addition.
On Tue, Sep 14, 2010 at 10:37 AM, John Hartnup wrote:
> Thanks, yes that makes sense.
>
> The implication, then, is that this is
Thanks, yes that makes sense.
The implication, then, is that this is a niche behaviour that would be best
implemented in an ftplet, and not something that be available all the time,
to be configured in the element?
On 14 September 2010 16:18, Sai Pullabhotla wrote:
> You should be able to this
You should be able to this with an Ftplet that captures the
beforeCommand (USER command) event, and make sure the session is
secured. If the session was not secured already, send a 5xx/4xx reply
from the Ftplet, and optionally close the session.
FtpSession.isSecure() is the method you need to use f
Hi,
Reading the config docs, and briefly examining the source, it seems as if
explicit SSL is supported (AUTH TLS) but that there's no way to disallow
login if the session hasn't been secured.
1. Have I got that wrong?
2. Does anyone have any opinion on the best place to add that feature? My
(nai