Thread: Cpsv
View Single Post
Old 11-23-2004, 04:59 PM  
Too much time...
Join Date: May 2003
Posts: 1,326

CPSV support was originally removed in Beta-5.0 if I remember correctly, since darkone didn't have the time to finish the SSL site-to-site connection stuff for the initial Beta-5.0 release. Once he took some time to look at it later, he realized there was a serious flaw in the current design that didn't verify the SSL certificate's fingerprint. This in turn made the site-to-site transfer (FXP) vulnerable to MTM (man in the middle) attacks. Darkone wrote a few posts on the required changes needed to secure the current design, which unfortunately will not make it into ioFTPD until Beta-6 or so.

Edit: Found the article/post links.
neoxed is offline   Reply With Quote