[Twisted-Python] new ftp implementation

Jonathan Simms slyphon at twistedmatrix.com
Tue Nov 18 11:04:21 MST 2003


Hello all,

Just wanted to announce there is a new version of the ftp server/protocol.

the new protocol:

   - Supports cred, so you can control/abstract the filesystem
   - includes an anonymous-only avatar/realm
   - supports pipelining of commands
   - intentionally does not support globbing (to help prevent security
     holes)
   - connection limiting (ex. max 100 users)
   - individual timeouts for protocol interpreter idle time and dtp
     connection times

todos:
   - the permissions-checking needs improvement. I intend to set up an
     option on the FTPFactory that will let you set the uid of the
     anonymous user, but that's coming in the next week.
   - path purification code needs improvement (to prevent intentionally 	
     stupid paths like "\\//*/*/../../*/.." from borking the server)
   - a couple of other minor odds-and-ends


there's an example tac file in sandbox/slyphon/ftp_refactor/ftpsrv.tac

comments, suggestions, etc. welcomed


-Jonathan Simms
slyphon at twistedmatrix.com





More information about the Twisted-Python mailing list