Minimalistic FTP server
This is a very minimalistic FTP server that only processes commands relevant to Condensation.
2016-01-06 – condensation-ftp-server
Since Condensation does not require the communication with the store to be encrypted, using the – a priori – insecure FTP protocol is perfectly all right. However, using a generic FTP server is not a great option, since it would allow an attacker to carry out arbitrary file system operations within the store folder. Using this minimalistic FTP server instead has several advantages:
- No generic file or folder operations are allowed. All commands are interpreted as being part of an object put/get, or a box list/add/remove request.
- Any command not needed for Condensation is ignored.
- The configuration is simple and straightforward.
- You may run this server as a user with access to the store folder only.
- The source code is just about 450 lines long. Code audit is therefore very simple.
Objects and accounts are stored on the file system. Use the cn tools to collect garbage.
Due to the plain-text nature of FTP, no meaningful user authentication is possible. Hence, any username and password are accepted. Do not use this as your primary store, since malicious users may purge arbitrary private and message boxes.
Note that the FTP protocol is not very efficient. This store is therefore not recommended for large volumes.
Running the server
To run this server, type:
on the command line. To run it in the background, use something like this:
./condensation-ftp-server > log-file
The configuration can be modified at the top of the executable (Perl script).
FTP Store (client)