You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2014/11/29 02:56:12 UTC
[jira] [Commented] (NET-557) FTPClient Login suppression
inconsistent
[ https://issues.apache.org/jira/browse/NET-557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14228591#comment-14228591 ]
Sebb commented on NET-557:
--------------------------
The code currently only masks the user and password in request messages.
It can do this because the format of the request message is strictly controlled.
However the format of the 331 and 230 response messages may vary between different FTP servers (and may be in a different language).
Note also that the user name is in different places in the two messages.
I'm not sure it's possible to reliably redact the user name unless one removes the entire text of the message.
This seems excessive, and may result in losing important information.
> FTPClient Login suppression inconsistent
> ----------------------------------------
>
> Key: NET-557
> URL: https://issues.apache.org/jira/browse/NET-557
> Project: Commons Net
> Issue Type: Bug
> Components: FTP
> Affects Versions: 3.3
> Environment: Window 7, Java 7
> Reporter: Phil Dicke
> Priority: Minor
>
> The following code prints out the user name in one instance and masks it in the other. The password is masked in both cases. I would prefer the user name to be masked in both cases as well.
> {code}
> FTPClient client = new FTPClient();
> client.addProtocolCommandListener(new PrintCommandListener(System.out, true));
> client.connect(host);
> client.login(user, pass);
> {code}
> Output (Notice the user name is printed on the response)
> {code}
> 220 Microsoft FTP Service
> USER *******
> 331 Password required for ftpTest.
> PASS *******
> 230 User ftpTest logged in.
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)