Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pyftpdlib should impose a delay before replying for invalid credentials #73

Closed
giampaolo opened this issue May 28, 2014 · 6 comments
Closed
Assignees
Labels
Component-Library enhancement imported imported from old googlecode site and very likely outdated Priority-High RFC Security

Comments

@giampaolo
Copy link
Owner

From billiej...@gmail.com on July 14, 2008 19:41:36

To minimize the risk of brute force password guessing through the FTP
server, RFC-2257 [1] suggests that the server must impose a 5 second delay
before replying to an invalid "PASS" command.
This can be done after having implemented the scheduled functions described
in Issue 72 .

[1] http://www.ietf.org/rfc/rfc2577.txt

Original issue: http://code.google.com/p/pyftpdlib/issues/detail?id=73

@giampaolo giampaolo self-assigned this May 28, 2014
@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on July 18, 2008 03:48:06

Labels: Version-0.4.0

@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on July 18, 2008 04:00:05

Implemented in r348 .

Status: Finished

@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on September 20, 2008 11:15:03

Fixed/Implemented in version 0.5.0 which is released now.

Status: Fixed

@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on October 13, 2008 12:13:14

Labels: Component-Library

@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on November 17, 2008 05:18:14

Labels: -Type-Defect Type-Enhancement

@giampaolo
Copy link
Owner Author

From g.rodola on August 11, 2010 15:20:02

Owner: g.rodola

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Component-Library enhancement imported imported from old googlecode site and very likely outdated Priority-High RFC Security
Projects
None yet
Development

No branches or pull requests

1 participant