Closed servusoft closed 6 years ago
This also removes the protection of data in transit. If you find a way to use FTPS and FTP side by side feel free to create a new PR.
in the prior edition was the option ftp:ssl-protect-data
not setted.
the default value for ftp:ssl-protect-data is false
:
http://lftp.yar.ru/lftp-man.html
the SSL protection used only password transfer, but the data have no encryption.
ftp:ssl-protect-data =`true it sometime works and sometime time not.
I think, for secure file transfer should be used another plugin - SCP: http://plugins.drone.io/appleboy/drone-scp/
please accept the PR,. the current solution is not worse than your previous one.
in the prior edition was the option ftp:ssl-protect-data not setted. the default value for ftp:ssl-protect-data is false :
Yes that's why it's enabled by the line you removed.
the SSL protection used only password transfer, but the data have no encryption.
That's what your change would accomplish. Right now there's secure transfer of password and data.
ftp:ssl-protect-data =`true it sometime works and sometime time not.
If you set secure to false you also set this parameter to false
I think, for secure file transfer should be used another plugin - SCP:
SCP is quite different from FTPS and has other usecases.
please accept the PR,. the current solution is not worse than your previous one.
From a security POV it is worse.
We can long discus, but I need a working plugin. In my usecase this option causes errors.
I won't not use 'secure off', because it sends password plain. From a security POV it is 'no go'.
My solution would be to make one additional option more 'protect-data'. to sets theis to 'off', if needed. The default value should be 'on'.
Feel free to introduce this additional option but don't just remove things because they don't work for you. (Probably again because your hoster broke his FTP config)
sometimes with this option the transmission takes a long time.