Hi! :)
Hmm, yes, something like isSecure would probably help a lot :)
also realized I can probably make ftpservlet's return the error/return
code to the user I want by using the response object, hadn't realized
that yet .Atleast, I think so, still looking into that.
A option to disalow any other action (as in other commands? what would
you disable, user/pass are already done by then right?) would fit the
bill too indeed, as long as it's not possible to download files
unsecured, that's the main goal :)
Could something like that be considered a 'standard' option tho?
otherwise a ftplet would make more sence, since those are all about
customization (And would make a nice showcase for ftplets :) ).
Cheers!
Jeroen
Niklas Gustavsson wrote:
On Wed, Aug 6, 2008 at 7:09 PM, Jeroen Cranendonk
<[EMAIL PROTECTED]> wrote:
One thing we now want to do is to only allow a user to read files once they
have set up a fully secured connection, both on the Command (AUTH) and data
(PROT P) channel.
I think I can get quite a way doing this using a ftplet, but I'd appreciate
your thoughts on the best way to do this :)
The FtpSession gives me knowledge on wether the command and data channel are
secured (I hope :) ).
And I can return skip or disconnect from the ftplet in the onDownloadStart
etc. methods (I'd prefer a return value that gives a unauthorized or so
error to the user, but disconnect or skip will probably suffice).
Yes, that sounds like a good option. We have previously had a request
for FtpServer to have an option to check this on it own. That is, you
would configure the server to disallow any further action until AUTH
and PROT has been sent from the client. Please tell us if you think
this would be beneficial in your case.
As for using Ftplets, it's currently not all that simple to detect
that the control socket is secure, we should maybe add a isSecure() to
allow checking that. What do you think?
/niklas
