[Twisted-Python] new ftp implementation
Jonathan Simms
slyphon at twistedmatrix.com
Tue Nov 18 13:04:21 EST 2003
Hello all,
Just wanted to announce there is a new version of the ftp server/protocol.
the new protocol:
- Supports cred, so you can control/abstract the filesystem
- includes an anonymous-only avatar/realm
- supports pipelining of commands
- intentionally does not support globbing (to help prevent security
holes)
- connection limiting (ex. max 100 users)
- individual timeouts for protocol interpreter idle time and dtp
connection times
todos:
- the permissions-checking needs improvement. I intend to set up an
option on the FTPFactory that will let you set the uid of the
anonymous user, but that's coming in the next week.
- path purification code needs improvement (to prevent intentionally
stupid paths like "\\//*/*/../../*/.." from borking the server)
- a couple of other minor odds-and-ends
there's an example tac file in sandbox/slyphon/ftp_refactor/ftpsrv.tac
comments, suggestions, etc. welcomed
-Jonathan Simms
slyphon at twistedmatrix.com
More information about the Twisted-Python
mailing list