~sschwarzer/ftputil#146: 
Allow to trust pasv sent from server in session_factory

Hello,

Python recently made the ftplib not trusting the PASV response sent from the server by default : ​https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33

This means that if we rely on the IP sent back by the server, we need to set trust_server_pasv_ipv4_address to True.

When using ftputil, it means that we have to create a subclass specifically for this, as for now the option is not available in the session_factory.

Working code : ``` import ftplib

class FTPTrustPASV(ftplib.FTP_TLS):

def init(self, host, userid, password, port, debug_level: int = 0):

"""Act like ftplib.FTP's constructor but force trusting the pasv from the server.""" super().init() self.trust_server_pasv_ipv4_address = True self.connect(host, port) self.login(userid, password) self.prot_p() self.debug_level = debug_level

```

Being able to set trust_server_pasv_ipv4_address from the session_factory, without having to create a whole new subclass, would be pretty nice.

Status
RESOLVED WONT_FIX
Submitter
ftputiluser (unverified)
Assigned to
No-one
Submitted
3 years ago
Updated
3 years ago
Labels
enhancement library

schwa (unverified) 2 years ago · edit

Sorry I'm replying so late. I couldn't make up my mind and postponed answering.

Since the change in ftplib is for increased security, I don't want to "encourage" setting the flag from session_factory. Of course this doesn't prevent a user from setting the flag, as your example shows. :-)

I don't think it would be an outright "bad" idea to support the flag, but I'm not convinced it should be explicitly supported either. Therefore, I'm closing the ticket as "wontfix" (since I don't want to add a "wontenhance" resolution especially for this ticket ;-) ).

Register here or Log in to comment, or comment via email.