[EMAIL PROTECTED] writes:
> There is a good reason some servers (like the one i have written) do not
> allow server-server transfers. if it did allow the user to tell the
> server to connect to any ip, you could attack any server/port on the
> network with abibrary data using the resources of the ftp server to do
> so. By only allowing the server to connect to the IP the control
> connection comes from, possible damage is limited.
Only if you're allowed to log in to the server in the first place. It
certainly doesn't make sense for non-passive anonymous FTP but that's not the
only use for FTP.
> BTW, nobody uses server to server transfers AFAIK.
Security people have an annoying tendency to want to throw away useful
features for dubious security gains. At least we should be clear when this is
happening and not let it happen without discussion.
--
greg
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
