Message 64296 - Python tracker (original) (raw)

On Fri, Mar 21, 2008 at 5:43 AM, Robert E. <report@bugs.python.org> wrote:

Robert E. <robert@re-factory.de> added the comment:

Concerning the plain-text login. I think a FTPS class should default to encrypted login (you could use the ftp class if you dont want). In no way should the login credentials be sent unencrypted on default. Using another parameter might be a soulution to that, though I would prefer the library to raise an error if establishing an FTPS connection did not succeed. The main program could then catch it and decide how to proceed (using plain ftp or aborting according to a given policy).

Sounds reasonable to me.

Note that FTP is an old and somewhat gnarly protocol, and doesn't work the way more recent application protocols do. The SSL module is designed for TCP-based single-connection call-response protocols, more or less. Doing FTPS right might mean we'd have to extend it.