Article delegate-en/3169 of [1-4113] on the server localhost:7119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3167@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en
[DeleGate-En] Re: Transfering files from FTP server over HTTPS
28 Mar 2006 13:26:51 GMT Marcelo Spohn <pjygabdyi-mykgh44tejtw.ml@delegate.org> 
Hi Yutaka,

Thanks for your feedback!!! Please check my comments inline.

Thanks!
Marcelo

Yutaka Sato wrote:

>Hi,
>
>In message <_A3166@delegate-en.ML_> on 03/28/06(10:19:48)
>you Marcelo Spohn <pjygabdyi-mykgh44tejtw.ml@delegate.org> wrote:
> |Thanks a lot for your feedback! Uploading to an FTP server via an
> |HTTPS-proxy seems to be working in Delegate.
>
>Hmm... Which HTTP client are you using?
>Indeed DeleGate supports uploading to FTP server via HTTP with PUT method,
>but I'm not sure if it is supported in common browsers...
>  
>

    I'm using curl as the https client.

> |Could you please be more
> |specific as of why the Delegate configuration is prone to security
> |problems in such a proxy mode?
>
>It might be my excuse why I've not implemented more generic method
>for uploading with POST method + Content-Type:x-form. :p
>But anyway a proxy allowing uploading to a FTP server will prone to
>dangerous compared with a download-only proxy.  You must be
>careful enough not to dig a security hole with it.
>
> |BTW, the config file I'm currently using is as follows:
> |
> |    -vv
> |    LIBPATH='${LIBDIR}:/usr/local/lib:/usr/lib'
> |    -P17777
> |    OWNER="paul/linus"
> |    SFPROOT="/home/paul"
> |    SERVER=https
> |    FCL=sslway
> |    MOUNT="/* ftp://10.10.0.1:22223/*"
> |    MYAUTH="%U:%P"
> |    RELAY=proxy,delegate
> |    PERMIT="ftp:*:*"
> |    REMITTABLE=+,ftp
>
>Your configuration allows anyone to access arbitrary FTP servers via
>the proxy.  It might be your intention (specifying RELAY=delegate),
>but I think it should be restricted so that only the target server
>is accessible as PERMIT="ftp:10.10.10.1:*"
>  
>

    Thank you very much for pointing that out!!!

>BTW, what does SFPROOT mean?
>  
>

    Ooops, sorry! That's a typo resulting from editing the config prior
    to posting it. It should be read DGROOT.

>Cheers,
>Yutaka
>--
>  D G   Yutaka Sato <pfqcabdyi-mykgh44tejtw.ml@delegate.org> http://delegate.org/y.sato/
> ( - )  National Institute of Advanced Industrial Science and Technology
>_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
>Do the more with the less -- B. Fuller
>  
>
  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V