some confusion on ftp security.
I was just wondering if there is a separate config file for the Medusa FTP server because it allows anonymous logins even when I have used the zope management interface to create a user, say fgh, who has the rights that would usually be given to the anonymous group. I even defined a matching group fgh and removed all rights from the anonymous group. The advantage is that the user cannot see, list or download any files, but I was just suggesting that the user does not get a login prompt at all in the first place in case this user manages to find some way of exploiting the system.... (or have I missed something) Thanks. Patrick
Patrick wrote:
I was just wondering if there is a separate config file for the Medusa FTP server because it allows anonymous logins even when I have used the zope management interface to create a user, say fgh, who has the rights that would usually be given to the anonymous group. I even defined a matching group fgh and removed all rights from the anonymous group.
Don't quite follow the group bit. Medusa's FTP will let you login with _any_ username and password, IIRC (a bug IMHO) but you can only _do_ anything if a Zope user object exists with that username _and_ it has the rights to do what you want to do. Almost related, I've been having trouble FTP'ing into a lot of our Zope instances with ange-ftp recently. Basically, login goes fine, but then it just sits there saying:
Listing.... /chris@localhost 8021:/test/...
...where test is a DTML method. any ideas? Oh yeah, and there's still all those 'Unhandled connect event's when doing stuff via FTP, any idea what they mean? cheers, Chris
Thanks for that Chris, but isn't that quite risky? What I mean is that Medusa should not allow unauthenticated users to login at all because though one is not allowed to do anything as yet, you never know when someone will find a hack round that and then you end up with a denial of service attack or something?? ...Or am I just being over-paranoid :-( ? On Thu, 22 Mar 2001, Chris Withers wrote:
Medusa's FTP will let you login with _any_ username and password, IIRC (a bug IMHO) but you can only _do_ anything if a Zope user object exists with that username _and_ it has the rights to do what you want to do.
Almost related, I've been having trouble FTP'ing into a lot of our Zope instances with ange-ftp recently. Basically, login goes fine, but then it just sits there saying:
Listing.... /chris@localhost 8021:/test/...
...where test is a DTML method.
any ideas?
Patrick wrote:
Thanks for that Chris, but isn't that quite risky? What I mean is that Medusa should not allow unauthenticated users to login at all because though one is not allowed to do anything as yet, you never know when someone will find a hack round that and then you end up with a denial of service attack or something??
...Or am I just being over-paranoid :-(
Not at all, I totally agree... stick it in the collector :-) cheers, Chris
Hmm.. if I recall correctly the problem goes something like this: say I have a user: joe defined in: /company/division/branch/group/acl_users when joe tries to FTP should Zope be expected to search all the 400 acl_users folders in the hierarchy until it finds a match? Or... what if there are *two* joes which should I check? I think that the FTP permissions work just like HTTP permissions, they need a context to make any sense.. and if you can't log in at the root level.... you can't *get* to the context where you have any permissions. Unlike HTTP, FTP has the concept of a 'login' that is independent of traversal. I think the current behavior is a more or less reasonable attempt to deal with that problem. -steve
"CW" == Chris Withers <chrisw@nipltd.com> writes:
CW> Patrick wrote:
>> Thanks for that Chris, but isn't that quite risky? What I mean is that Medusa should not allow unauthenticated users to login at all because though one is not allowed to do anything as yet, you never know when someone will find a hack round that and then you end up with a denial of service attack or something??
>>
>> ...Or am I just being over-paranoid :-(
CW> Not at all, I totally agree... stick it in the collector :-)
CW> cheers,
CW> Chris
On Thu, 22 Mar 2001, Steve Spicklemire wrote:
Hmm.. if I recall correctly the problem goes something like this:
say I have a user: joe defined in:
/company/division/branch/group/acl_users
when joe tries to FTP should Zope be expected to search all the 400 acl_users folders in the hierarchy until it finds a match? Or... what if there are *two* joes which should I check?
That's part of the problem; but another problem is as (Chris pointed out) what if joe makes an error in logging in eg wrong username &/or wrong password; why does medusa log you in as anonymous user instead of breaking the connection altogether like most other ftp clients?
-steve
Hi Patrick, My point was that Zope can't tell the difference. If your username/password are defined way down deep.. Zope can't find it to check... so if you're not defined at the root level.. you're anonymous until you traverse (i.e., cd) to an area where Zope can check your credentials. At that point you either check out.. or you don't. If there are 15 users with a username 'joe', but in different branches, there is no problem, but each 'joe' will only get correctly authenticated as something other than anonymous in the branch where his password matches the 'joe' user for that branch. -steve
"Patrick" == Patrick <patrick@eahd.or.ug> writes:
Patrick> On Thu, 22 Mar 2001, Steve Spicklemire wrote:
>> Hmm.. if I recall correctly the problem goes something like this:
>>
>> say I have a user: joe defined in:
>>
>> /company/division/branch/group/acl_users
>>
>> when joe tries to FTP should Zope be expected to search all the 400 acl_users folders in the hierarchy until it finds a match? Or... what if there are *two* joes which should I check?
Patrick> That's part of the problem; but another problem is as (Chris pointed out) what if joe makes an error in logging in eg wrong username &/or wrong password; why does medusa log you in as anonymous user instead of breaking the connection altogether like most other ftp clients?
>> -steve
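The authentication model Steve describes above, as an added illustration that is not Zope or Medusa code: the folder tree, `ACL_USERS`, `effective_user` and `FtpSession` are all constructed for this example, and model credentials being resolved against the nearest acl_users folder on the path being traversed.

```python
# Added example (not Zope or Medusa code): a model of the FTP login behaviour
# described in the thread. Credentials are checked against the nearest
# acl_users folder on the path being traversed, so a user defined deep in
# the tree is anonymous at the root and only authenticates after cd'ing there.

# Constructed folder tree: folder path -> its acl_users (username -> password).
# Folders without an entry have no acl_users and defer to their parents.
ACL_USERS = {
    "/": {"admin": "root-secret"},
    "/company/division/branch/group": {"joe": "joe-branch-pw"},
    "/company/sales": {"joe": "joe-sales-pw"},   # a second, unrelated joe
}

def _ancestors(path):
    """Yield path, then each parent folder, ending at '/' (acquisition order)."""
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts), -1, -1):
        yield "/" + "/".join(parts[:i])

def effective_user(path, username, password):
    """Identity Zope would use for a request in `path`.

    The first acl_users found walking from `path` up to the root that defines
    `username` decides; a wrong password or no definition means 'Anonymous'.
    """
    for folder in _ancestors(path):
        users = ACL_USERS.get(folder)
        if users is not None and username in users:
            return username if users[username] == password else "Anonymous"
    return "Anonymous"

class FtpSession:
    """Login never fails; the identity is re-derived on every directory change."""
    def __init__(self, username, password):
        self.username, self.password = username, password
        self.cwd = "/"

    def cd(self, path):
        self.cwd = path
        return self.identity()

    def identity(self):
        return effective_user(self.cwd, self.username, self.password)

if __name__ == "__main__":
    s = FtpSession("joe", "joe-branch-pw")
    print(s.identity())                                  # Anonymous at the root
    print(s.cd("/company/division/branch/group/docs"))   # joe
    print(s.cd("/company/sales"))                        # Anonymous: other joe
```

Running it shows both points raised in the thread: a correct password is worthless until the session has traversed into the branch that defines the user, and a wrong password is indistinguishable from an undefined user, since either way the session is simply anonymous.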
Is there a firewall between you and your zope instance? If your firewall prevents inbound connections, then all control commands will work, but data transfers (retr, list, etc) will fail, since the ftp server will attempt to connect to you through a firewall. Change your ftp client to use passive ftp and everything should work. Passive ftp allows the client to make the connection for both control and transfer connections. I don't know your client, but most ftp clients are capable of passive mode.
--sam
Chris Withers wrote:
Patrick wrote:
I was just wondering if there is a separate config file for the Medusa FTP server because it allows anonymous logins even when I have used the zope management interface to create a user, say fgh, who has the rights that would usually be given to the anonymous group. I even defined a matching group fgh and removed all rights from the anonymous group.
Don't quite follow the group bit.
Medusa's FTP will let you login with _any_ username and password, IIRC (a bug IMHO) but you can only _do_ anything if a Zope user object exists with that username _and_ it has the rights to do what you want to do.
Almost related, I've been having trouble FTP'ing into a lot of our Zope instances with ange-ftp recently. Basically, login goes fine, but then it just sits there saying:
Listing.... /chris@localhost 8021:/test/...
...where test is a DTML method.
any ideas?
Oh yeah, and there's still all those 'Unhandled connect event's when doing stuff via FTP, any idea what they mean?
cheers,
Chris
-- ---------------------------------------------------- "Nobody looks good with brown lipstick on." --Frank Zappa
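The active/passive distinction behind sam's diagnosis, as an added example that is not from the thread or from Medusa: in active mode the client sends PORT and the server connects back to the client (an inbound connection a client-side firewall drops); in passive mode the client sends PASV, reads the server's 227 reply, and opens the data connection itself. The reply format and PORT syntax are from RFC 959; `SAMPLE_PASV_REPLY` is a constructed value.

```python
# Added example (not Zope or Medusa code): parse an FTP 227 passive-mode reply
# and build its active-mode counterpart, the PORT command. Which side opens the
# data connection is exactly what decides whether a firewall that blocks
# inbound connections to the client breaks LIST and RETR.
import re

# Constructed server reply, as the client would see it after sending PASV.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"

# RFC 959: 227 <text> (h1,h2,h3,h4,p1,p2) with port = p1*256 + p2.
_PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv_reply(reply):
    """Return (host, port) the *client* must connect to for the data channel."""
    m = _PASV_RE.match(reply)
    if not m:
        raise ValueError(f"not a 227 passive-mode reply: {reply!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PASV field out of range (each must fit in a byte)")
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("server announced data port 0")
    return ".".join(str(n) for n in nums[:4]), port

def build_port_command(host, port):
    """Active mode: tell the server which client address to connect *back* to."""
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {host!r}")
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return "PORT " + ",".join(octets + [str(port // 256), str(port % 256)])

if __name__ == "__main__":
    print(parse_pasv_reply(SAMPLE_PASV_REPLY))   # ('192.168.1.10', 50000)
    print(build_port_command("10.0.0.5", 8021))  # PORT 10,0,0,5,31,85
```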
sam gendler wrote:
Is there a firewall between you and your zope instance.
Come to think of it, there is now and there wasn't before...
If your firewall prevents inbound connections, then all control commands will work, but data tranfers (retr, list, etc) will fail, since the ftp server will attempt to connect to you through a firewall.
Yup, knew that already, don't know why I didn't put one and one together ;-)
Change your ftp client to use passive ftp and everything should work.
Anyone know how I do that with ange-ftp in EMACS? cheers, Chris
Chris Withers <chrisw@nipltd.com> writes: [...]
Change your ftp client to use passive ftp and everything should work.
Anyone know how I do that with ange-ftp in EMACS?
Dunno how to do it with ange-ftp, I'm using efs which has a customizable variable efs-use-passive-mode. Cheers Siggy -- Siggy Brentrup - bsb@winnegan.de - http://www.winnegan.de/ ****** ceterum censeo javascriptum esse restrictam *******
Hi, my little Zope application works so far. But I just noticed, that some errors appear in the python dos window. Sometimes I get the following Errors:
-Catalog uncatalogObject unsuccessfully attempted to uncatalog an object with a uid of /NewsFolder/NewsItems/N_1
-UnTextIndex unindex_object tried to unindex nonexistent document 0
Perhaps someone knows more about these errors. I think, that I didn't attempt to uncatalog an object. How could I? Thank you, Marc
On Fri, Mar 23, 2001 at 09:23:14AM +0000, Chris Withers wrote:
Change your ftp client to use passive ftp and everything should work.
Anyone know how I do that with ange-ftp in EMACS?
For XEmacs, add to your .emacs:
(setq efs-ftp-program-name "pftp")
For Emacs, the variable to set is ange-ftp-ftp-program-name. This assuming you have "pftp" somewhere on your PATH (here just a symbolic link to "ftp"; the different name makes it use passive mode by default). If you customize through M-x customize-browse, for Emacs you may find this under:
Emacs -> Files -> Ange Ftp -> Ange Ftp Ftp Program Name
-- jmce: +351 919838775 ~ http://artenumerica.com/ ~ http://artenumerica.org/
J M Cerqueira Esteves wrote:
For Emacs, the variable to set is ange-ftp-ftp-program-name.
This assuming you have "pftp" somewhere on your PATH (here just a symbolic link to "ftp"; the different name makes it use passive mode by default).
If you customize through M-x customize-browse, for Emacs you may find this under:
Emacs -> Files -> Ange Ftp -> Ange Ftp Ftp Program Name
How about on Windows NT? cheers, Chris