Hi,

In message <_A3166@delegate-en.ML_> on 03/28/06(10:19:48)
you Marcelo Spohn <pjygabdyi-mxhgu467e73w.ml@delegate.org> wrote:
 |Thanks a lot for your feedback! Uploading to an FTP server via an
 |HTTPS-proxy seems to be working in Delegate.

Hmm... Which HTTP client are you using?
Indeed DeleGate supports uploading to FTP server via HTTP with PUT method,
but I'm not sure if it is supported in common browsers...

 |Could you please be more
 |specific as of why the Delegate configuration is prone to security
 |problems in such a proxy mode?

It might be my excuse why I've not implemented more generic method
for uploading with POST method + Content-Type:x-form. :p
But anyway a proxy allowing uploading to a FTP server will prone to
dangerous compared with a download-only proxy.  You must be
careful enough not to dig a security hole with it.

 |BTW, the config file I'm currently using is as follows:
 |
 |    -vv
 |    LIBPATH='${LIBDIR}:/usr/local/lib:/usr/lib'
 |    -P17777
 |    OWNER="paul/linus"
 |    SFPROOT="/home/paul"
 |    SERVER=https
 |    FCL=sslway
 |    MOUNT="/* ftp://10.10.0.1:22223/*"
 |    MYAUTH="%U:%P"
 |    RELAY=proxy,delegate
 |    PERMIT="ftp:*:*"
 |    REMITTABLE=+,ftp

Your configuration allows anyone to access arbitrary FTP servers via
the proxy.  It might be your intention (specifying RELAY=delegate),
but I think it should be restricted so that only the target server
is accessible as PERMIT="ftp:10.10.10.1:*"

BTW, what does SFPROOT mean?

Cheers,
Yutaka
--
  D G   Yutaka Sato <pfqcabdyi-mxhgu467e73w.ml@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller