I was debugging the FTPAPI utility for implementing new FTP SSL
functionality through sockets that was using standard FTP instead of
passive by default.  When I got the "500 Illegal PORT command" trying to
list files, I tried the IBM FTP client with the SENDPASV 0.  I got the same
error on the "ls".  FTP'ing to an outside non-SSL site was fine for
standard FTP (non-passive).  So, I should always make sure I use passive
like the default on the IBM FTP client for at least that particular secure
SSL site.  I heard the apache FTP server only allows passive connections
for encrypted data connections.  It appears the bank site I am trying to
connect to only allows passive data connections.  I still get the error
when using *CLEAR for the data protection.  I heard that passive
connections are recommended for SSL FTP data connections.  I wasn't even
going to try to program the utility to allow SSL FTP on standard FTP
connections since it was complex, possibly rare, and I couldn't even test.
I wonder if most secure sites make passive data connections mandatory.
Is standard (non-passive) FTP SSL something that should never be done?
Also, IBM changed their data connection mode default from standard to
passive at V4R2M0.  I am assuming most people don't have the
QUSRSYS/QTMFTPPASV data area isn't installed to override this.  I think
passive is usually preferred so the remote server doesn't get blocked by
the client's firewall on connection.  In passive mode, the client opens
another connection to the server specified by the server.  Is standard FTP
becoming obsolete due to  firewall restrictions?  Are most sites required
to support passive mode?

Craig Strong


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.