By using the following code, my client application is connecting to the secured FTP server and pushing a file up there successfully. Do you think the following approach still leaves a security hole by accepting all the certificates? If so, can anybody help me out with passing the specific certificate from the client that I have on the FTP server?

ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);

// Where AcceptAllCertifications is defined as...

public bool AcceptAllCertifications(object sender,
    System.Security.Cryptography.X509Certificates.X509Certificate certification,
    System.Security.Cryptography.X509Certificates.X509Chain chain,
    System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
    return true;
}
+1  A: 

I'm not sure about validating a specific certificate from the server, but the security issue you introduce with this scenario is pretty straightforward.

In this case an attacker could place himself between you and the server and redirect the traffic to himself, pose as another secure FTP site (which you can't distinguish because you're not checking the server's credential) and take your upload or offer you files to download. A particularly insidious attacker would actually forward files on to the real server, possibly with small changes, if they could, in order to make you think everything was working fine.

Verifying the server's certificates ensures that you are FTPing files to or from the right destination.

Hounshell
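
One way to accept only the specific server certificate you already hold, instead of returning true for everything. This is an added example, not code from the question or the answer; the class name `PinnedFtpCertificate` and the placeholder hash value are assumptions to be replaced with your own.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedFtpCertificate
{
    // Placeholder: SHA-256 of the server certificate's DER bytes, as hex,
    // computed from the copy of the certificate you obtained out of band.
    private const string ExpectedSha256 = "<SHA-256-OF-YOUR-SERVER-CERTIFICATE>";

    public static void Install()
    {
        // This callback is process-wide: it is consulted for every TLS connection
        // made through ServicePointManager, not only for the FTP upload.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Chain builds to a trusted root and the name matches: normal acceptance.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // The server presented no certificate at all: never accept.
        if (certificate == null)
            return false;

        // Otherwise (for example a self-signed server certificate) accept only
        // the exact certificate that was pinned, and only inside its validity period.
        var cert2 = new X509Certificate2(certificate);
        DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
        if (now < cert2.NotBefore || now > cert2.NotAfter)
            return false;

        using (SHA256 sha256 = SHA256.Create())
        {
            byte[] hash = sha256.ComputeHash(certificate.GetRawCertData());
            string actual = BitConverter.ToString(hash).Replace("-", "");
            return string.Equals(actual, ExpectedSha256,
                StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

Call `PinnedFtpCertificate.Install()` once before creating the FTP request. When the server's certificate is renewed, the pinned hash has to be updated with it.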