Bill Janssen <[EMAIL PROTECTED]> added the comment:
On Fri, Mar 21, 2008 at 5:43 AM, Robert E. <[EMAIL PROTECTED]> wrote:
>
> Robert E. <[EMAIL PROTECTED]> added the comment:
>
> Concerning the plain-text login. I think a FTPS class should default to
> encrypted login (you could use the ftp class if you dont want). In no
> way should the login credentials be sent unencrypted on default. Using
> another parameter might be a soulution to that, though I would prefer
> the library to raise an error if establishing an FTPS connection did not
> succeed. The main program could then catch it and decide how to proceed
> (using plain ftp or aborting according to a given policy).
Sounds reasonable to me.
Note that FTP is an old and somewhat gnarly protocol, and
doesn't work the way more recent application protocols do. The SSL
module is designed for TCP-based single-connection call-response
protocols, more or less. Doing FTPS right might mean we'd have to
extend it.
Added file: http://bugs.python.org/file9807/unnamed
__________________________________
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue2054>
__________________________________
On Fri, Mar 21, 2008 at 5:43 AM, Robert E. <<a href="mailto:[EMAIL
PROTECTED]">[EMAIL PROTECTED]</a>> wrote:<br><div
class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px
solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
Robert E. <<a href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</a>>
added the comment:<br>
<div class="Ih2E3d"><br></div>Concerning the plain-text login. I think a FTPS
class should default to<br>
encrypted login (you could use the ftp class if you dont want). In no<br>
way should the login credentials be sent unencrypted on default. Using<br>
another parameter might be a soulution to that, though I would prefer<br>
the library to raise an error if establishing an FTPS connection did not<br>
succeed. The main program could then catch it and decide how to proceed<br>
(using plain ftp or aborting according to a given
policy).</blockquote><div><br>Sounds reasonable to me.<br><br>Note that FTP is
an old and somewhat gnarly protocol, and<br>doesn't work the way more
recent application protocols do. The SSL<br>
module is designed for TCP-based single-connection call-response<br>protocols,
more or less. Doing FTPS right might mean we'd have to<br>extend
it.<br><br></div></div><br>
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
