Article delegate-en/3169 of [1-5107] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:]  
Re: Transfering files from FTP server over HTTPS
Tue, 28 Mar 2006     Marcelo Spohn

Hi Yutaka,

Thanks for your feedback!!! Please check my comments inline.

Thanks!
Marcelo

Yutaka Sato wrote:

>Hi,
>
>In message  on 03/28/06(10:19:48)
>you Marcelo Spohn wrote:
> |Thanks a lot for your feedback! Uploading to an FTP server via an
> |HTTPS-proxy seems to be working in Delegate.
>
>Hmm... Which HTTP client are you using?
>Indeed DeleGate supports uploading to FTP server via HTTP with PUT method,
>but I'm not sure if it is supported in common browsers...
>  
>

    I'm using curl as the https client.

> |Could you please be more
> |specific as of why the Delegate configuration is prone to security
> |problems in such a proxy mode?
>
>It might be my excuse why I've not implemented more generic method
>for uploading with POST method + Content-Type:x-form. :p
>But anyway a proxy allowing uploading to a FTP server will prone to
>dangerous compared with a download-only proxy.  You must be
>careful enough not to dig a security hole with it.
>
> |BTW, the config file I'm currently using is as follows:
> |
> |    -vv
> |    LIBPATH='${LIBDIR}:/usr/local/lib:/usr/lib'
> |    -P17777
> |    OWNER="paul/linus"
> |    SFPROOT="/home/paul"
> |    SERVER=https
> |    FCL=sslway
> |    MOUNT="/* ftp://10.10.0.1:22223/*"
> |    MYAUTH="%U:%P"
> |    RELAY=proxy,delegate
> |    PERMIT="ftp:*:*"
> |    REMITTABLE=+,ftp
>
>Your configuration allows anyone to access arbitrary FTP servers via
>the proxy.  It might be your intention (specifying RELAY=delegate),
>but I think it should be restricted so that only the target server
>is accessible as PERMIT="ftp:10.10.10.1:*"
>  
>

    Thank you very much for pointing that out!!!

>BTW, what does SFPROOT mean?
>  
>

    Ooops, sorry! That's a typo resulting from editing the config prior
    to posting it. It should be read DGROOT.

>Cheers,
>Yutaka
>--
>  D G   Yutaka Sato http://delegate.org/y.sato/
> ( - )  National Institute of Advanced Industrial Science and Technology
>_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
>Do the more with the less -- B. Fuller
>  
>
  search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Generated:10/25 20:55:28 (1 sec) Expires:10/25 20:55:27 @_@V