search

cschlosser / drone-ftps

Deploy to FTPS server from Drone CI build
https://hub.docker.com/r/cschlosser/drone-ftps/
Apache License 2.0
20 stars 16 forks source link

remove lftp option 'ftp:ssl-protect-data' #5

Closed servusoft closed 6 years ago

servusoft commented 6 years ago

sometimes with this option the transmission takes a long time.

cschlosser commented 6 years ago

This also removes the protection of data in transit. If you find a way to use FTPS and FTP side by side feel free to create a new PR.

servusoft commented 6 years ago

in the prior edition was the option ftp:ssl-protect-data not setted. the default value for ftp:ssl-protect-data is false : http://lftp.yar.ru/lftp-man.html the SSL protection used only password transfer, but the data have no encryption.

ftp:ssl-protect-data =`true it sometime works and sometime time not.

I think, for secure file transfer should be used another plugin - SCP: http://plugins.drone.io/appleboy/drone-scp/

servusoft commented 6 years ago

please accept the PR,. the current solution is not worse than your previous one.

cschlosser commented 6 years ago

in the prior edition was the option ftp:ssl-protect-data not setted. the default value for ftp:ssl-protect-data is false :

Yes that's why it's enabled by the line you removed.

the SSL protection used only password transfer, but the data have no encryption.

That's what your change would accomplish. Right now there's secure transfer of password and data.

ftp:ssl-protect-data =`true it sometime works and sometime time not.

If you set secure to false you also set this parameter to false

I think, for secure file transfer should be used another plugin - SCP:

SCP is quite different from FTPS and has other usecases.

please accept the PR,. the current solution is not worse than your previous one.

From a security POV it is worse.

servusoft commented 6 years ago

We can long discus, but I need a working plugin. In my usecase this option causes errors.

I won't not use 'secure off', because it sends password plain. From a security POV it is 'no go'.

My solution would be to make one additional option more 'protect-data'. to sets theis to 'off', if needed. The default value should be 'on'.

cschlosser commented 6 years ago

Feel free to introduce this additional option but don't just remove things because they don't work for you. (Probably again because your hoster broke his FTP config)