[FEATURE REQUEST]Disallow 'PROT P' for FTPES

Moderator: Project members

Post Reply
Message
Author
Maniaxx
500 Command not understood
Posts: 5
Joined: 2011-03-04 17:39

[FEATURE REQUEST]Disallow 'PROT P' for FTPES

#1 Post by Maniaxx » 2011-03-04 21:45

Hallo,
would be great to have an option to disallow 'PROT P' for FTPES.

regards
Maniaxx

User avatar
botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: [FEATURE REQUEST]Disallow 'PROT P' for FTPES

#2 Post by botg » 2011-03-05 08:42

Won't happen. FTP over TLS is utterly pointless if the data isn't protected.

Maniaxx
500 Command not understood
Posts: 5
Joined: 2011-03-04 17:39

Re: [FEATURE REQUEST]Disallow 'PROT P' for FTPES

#3 Post by Maniaxx » 2011-03-05 17:56

That's not true. There is 'PROT C' for a reason. Most people just want username and password transfered encrypted and do not want the client to steal cpu power uselessly and therefor enforce PROT C by server or disallow PROT P. We're talking about 'COMMAND CHANNEL' encryption only. There is nothing like no encryption in this mode. There IS encryption. That's what it is intended for. To protect login data and optionally the data. If the data is not sensitive there is no need to encrypt them. I pump data on a gigabit network. That DOES have impact on CPU power if you enable DATA encryption.

http://wiki.filezilla-project.org/SSL/TLS
http://wiki.filezilla-project.org/FTPS_ ... 8Server%29
Reasons to disable encryption

It may not be advantageous to use data channel encryption when performing transfers under the following scenarios:

* Files being transferred are of a non-sensitive nature, making encryption unnecessary
* Files being transferred are already encrypted at the file level, making encryption redundant
* Available TLS or SSL encryption modes do not meet desired level of encryption. This is common with older FTPS clients or servers that may have been limited to 40-bit SSL due to previous United States high-encryption export laws.

It may not be advantageous to use control channel encryption under the following scenarios:

* Use of FTPS when the client and/or server resides behind a network firewall or network address translation (NAT) device. (See Firewall Incompatibilities below)
* Repeated use of AUTH and CCC/CDC commands by anonymous FTP clients within the same session. Such behavior can be utilized as a resource-based denial of service attack as the TLS/SSL session must be regenerated each time, utilizing server processor time.
http://en.wikipedia.org/wiki/FTPS

albertfc
500 Command not understood
Posts: 1
Joined: 2013-03-06 14:27

Re: [FEATURE REQUEST]Disallow 'PROT P' for FTPES

#4 Post by albertfc » 2013-03-06 14:34

Hi,

I've added some kind of support for PROT C. Check this.

regards

Maniaxx
500 Command not understood
Posts: 5
Joined: 2011-03-04 17:39

Re: [FEATURE REQUEST]Disallow 'PROT P' for FTPES

#5 Post by Maniaxx » 2013-03-06 18:31

Thank you. I cannot test it atm though.

Post Reply