[
https://issues.apache.org/jira/browse/FTPSERVER-349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12841634#action_12841634
]
DevNull43 commented on FTPSERVER-349:
-------------------------------------
The only solution is to check if List is empty and then ignore it, this works
however I'm concerned if this can be a security breach:
WhiteList.java:
private boolean isAllowed(IoSession session) {
SocketAddress remoteAddress = session.getRemoteAddress();
if (!whitelist.isEmpty()){
if (remoteAddress instanceof InetSocketAddress) {
InetAddress address = ((InetSocketAddress)
remoteAddress).getAddress();
LOGGER.debug("Checking whitelist: " + address);
// check all subnets
for(Subnet subnet : whitelist) {
if(subnet.inSubnet(address)) {
LOGGER.debug("Allowed: " + address);
return true;
}
}
}
LOGGER.debug("Denied");
return false;
}else{
LOGGER.trace("No WhiteList configured");
return true;
}
}
> WhiteList
> ---------
>
> Key: FTPSERVER-349
> URL: https://issues.apache.org/jira/browse/FTPSERVER-349
> Project: FtpServer
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.0.3
> Reporter: DevNull43
> Priority: Trivial
> Fix For: 1.1.0
>
> Attachments: WhiteList.txt
>
>
> WhiteList filer
> Restricting access to FTP based on a WhiteList
> BlackList -> Allow all, Deny some.
> WhiteList -> Deny all, Allow some.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
