You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Niklas Gustavsson (JIRA)" <ji...@apache.org> on 2011/06/16 21:22:47 UTC
[jira] [Commented] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13050663#comment-13050663 ]
Niklas Gustavsson commented on FTPSERVER-420:
---------------------------------------------
>From an initial review, it looks good. However, I'm missing the check if the port is currently in use. This is required as ports can be used by other processes.
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff
>
>
> As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira