Article delegate-en/3169 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Transfering files from FTP server over HTTPS
28 Mar 2006 13:26:51 GMT Marcelo Spohn <>

Hi Yutaka,

Thanks for your feedback!!! Please check my comments inline.


Yutaka Sato wrote:

>In message <_A3166@delegate-en.ML_> on 03/28/06(10:19:48)
>you Marcelo Spohn <> wrote:
> |Thanks a lot for your feedback! Uploading to an FTP server via an
> |HTTPS-proxy seems to be working in Delegate.
>Hmm... Which HTTP client are you using?
>Indeed DeleGate supports uploading to FTP server via HTTP with PUT method,
>but I'm not sure if it is supported in common browsers...

    I'm using curl as the https client.

> |Could you please be more
> |specific as of why the Delegate configuration is prone to security
> |problems in such a proxy mode?
>It might be my excuse why I've not implemented more generic method
>for uploading with POST method + Content-Type:x-form. :p
>But anyway a proxy allowing uploading to a FTP server will prone to
>dangerous compared with a download-only proxy.  You must be
>careful enough not to dig a security hole with it.
> |BTW, the config file I'm currently using is as follows:
> |
> |    -vv
> |    LIBPATH='${LIBDIR}:/usr/local/lib:/usr/lib'
> |    -P17777
> |    OWNER="paul/linus"
> |    SFPROOT="/home/paul"
> |    SERVER=https
> |    FCL=sslway
> |    MOUNT="/**"
> |    MYAUTH="%U:%P"
> |    RELAY=proxy,delegate
> |    PERMIT="ftp:*:*"
> |    REMITTABLE=+,ftp
>Your configuration allows anyone to access arbitrary FTP servers via
>the proxy.  It might be your intention (specifying RELAY=delegate),
>but I think it should be restricted so that only the target server
>is accessible as PERMIT="ftp:*"

    Thank you very much for pointing that out!!!

>BTW, what does SFPROOT mean?

    Ooops, sorry! That's a typo resulting from editing the config prior
    to posting it. It should be read DGROOT.

>  D G   Yutaka Sato <>
> ( - )  National Institute of Advanced Industrial Science and Technology
>_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
>Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]