Re: Automatic FTP account creation

From: Stefan Osterlitz (osterlitz@p-p.de)
Date: 05/27/02


From: "Stefan Osterlitz" <osterlitz@p-p.de>
To: "lists@tigerteam.cc" <lists@tigerteam.cc>, "security-basics@securityfocus.com" <security-basics@securityfocus.com>
Date: Mon, 27 May 2002 09:32:56 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 23 May 2002 18:05:16 -0400, Lists wrote:

>I'm looking for a "secure" way to automatically create FTP accounts on a
>FTP server in the DMZ from an internal server.
>
>Here's the scenario:
>
>Client has multiple customers (hundreds) and would like to have the
>ability for their customers to be able to upload/download files from
>their FTP server. They envision an internal employee (primary client
>contacts, non technical) going to an internal web server interface and
>keying in a username and password. They would like this to kick off a
>creation of a user on the FTP server with a home directory being created
>for the user with full rights to the directory. Furthermore they would
>like this account to be active for "X" days before expiring with the
>optional ability to delete the entire directory automatically.
>
>Anyone ever run across something like this?

look into pure-ftpd with the mysql/ldap backend..
then you can put a simple php interface on top of the mysql db. that's it.
php can verify the user by ip, password, certificate etc.. HTTPS is advisable as well.

>
>Platform is not important, can be a UNIX or NT based FTP server. This
>request has obvious security issues but if you knew the client you'd
>agree this is the least of their worries.

it is. this would be a screaming horror under NT with IIS.. IMHO

Stefan Osterlitz

PGP Public Key Fingerprint: 8A9C BC27 6D98 E447 09E8 F78B 7527 21C6

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies.

iQA/AwUBPPHTGXUnIcbqP8k9EQKFtQCgiNZyuTdnb1HUPtfjsYaW7K4y22EAn1H0
a3tAdtC2DVwmPXIV3IR0qEoD
=6wbc
-----END PGP SIGNATURE-----
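The provisioning layer suggested in the reply above, sketched as an added example that is not part of the original post or of pure-ftpd: the web front end only writes rows to the user database, and the lookup used for FTP logins refuses rows whose lifetime has passed. Assumptions: Python with an in-memory SQLite database stands in for the PHP/MySQL pair so the sketch runs offline, and the `ftp_users` table, the `/srv/ftp` root, the 1 to 90 day limit and all function names are hypothetical.

```python
import hashlib, hmac, os, re, sqlite3
from datetime import datetime, timedelta, timezone

FTP_ROOT = "/srv/ftp"  # assumed base directory for customer homes
USERNAME_RE = re.compile(r"[a-z][a-z0-9_-]{2,31}")  # no "/", "..", or spaces

def open_db():
    db = sqlite3.connect(":memory:")  # stand-in for the MySQL backend
    db.execute("""CREATE TABLE ftp_users (
        username TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL,
        home_dir TEXT NOT NULL, expires_at INTEGER NOT NULL)""")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def create_account(db, username, password, days, now):
    # The username becomes a directory name, so it is validated before use.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    if not 1 <= days <= 90:
        raise ValueError("lifetime out of range")
    salt = os.urandom(16)
    expires = int((now + timedelta(days=days)).timestamp())
    db.execute("INSERT INTO ftp_users VALUES (?, ?, ?, ?, ?)",
               (username, salt, _hash(password, salt),
                f"{FTP_ROOT}/{username}", expires))
    return expires

def authenticate(db, username, password, now):
    # Expiry is enforced in the lookup itself: an expired row is never returned.
    row = db.execute("SELECT salt, pw_hash, home_dir FROM ftp_users "
                     "WHERE username = ? AND expires_at > ?",
                     (username, int(now.timestamp()))).fetchone()
    if row is None:
        return None
    ok = hmac.compare_digest(row[1], _hash(password, row[0]))
    return row[2] if ok else None

def purge_expired(db, now):
    # Returns the home directories a cleanup job on the FTP host may delete.
    cutoff = int(now.timestamp())
    dirs = [r[0] for r in db.execute(
        "SELECT home_dir FROM ftp_users WHERE expires_at <= ?", (cutoff,))]
    db.execute("DELETE FROM ftp_users WHERE expires_at <= ?", (cutoff,))
    return dirs
```

Because expiry lives in the login query, an account stops working at its deadline even if the cleanup job has not run yet.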


