Validate user on FreeBSD
Steven Taschuk
staschuk at telusplanet.net
Thu Mar 20 21:52:06 EST 2003
Quoth Dan Nyanko:
> What I have working so far is the client can send a file across the
> link to the server, and it is written into the directory that the
> server program resides in. I would like to add an authentication step
> that would send it to the valid users home directory, e.g.
> /home/cp_ru/filename.tar.gz
Can't the client just specify a filename of "/home/cp_ru/filename"?
That seems to do more or less what you want, but it points out a
gaping security hole in the server; the client could specify a
filename of, say, "/etc/passwd", which would be bad. (I assume
the server is running as root so it can bind to port 510.)
Why not just use ftp or sftp?
--
Steven Taschuk w_w
staschuk at telusplanet.net ,-= U
1 1
More information about the Python-list
mailing list