Sru*_*lla 4 java apache ftp ftp-client
当它调用ftp.login(user,pwd)时,它开始打印密码和用户名,这很容易暴露。有没有办法让它不打印密码。
输出:
220 <xxxx>- FTP Server ready
USER <prints username here>
331 Password required for <username>
PASS <printspassword here>
230 User <username> logged in
码:
public FTPDownloadBB(String host, String user, String pwd) throws Exception
{
FTPClient ftp ftp = new FTPClient();
ftp.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out)));
int reply;
ftp.connect(host);
reply = ftp.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply))
{
ftp.disconnect();
throw new Exception("Exception in connecting to FTP Server");
}
ftp.login(user, pwd);
ftp.setFileType(FTP.BINARY_FILE_TYPE);
ftp.enterLocalPassiveMode();
}
小智 5
您可以通过将一个附加的布尔值传递给PrintCommandListener来隐藏登录详细信息,同时保留协议日志记录,如下所示:
FTPClient ftp = new FTPClient();
ftp.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out), true));
根据JavaDoc,此重载的构造函数提供以下实用程序:
/**
* Create an instance which optionally suppresses login command text.
*
* @param writer where to write the commands and responses
* @param suppressLogin if {@code true}, only print command name for login
*
* @since 3.0
*/
我们可以在结果日志中看到此处,其中禁止了用户名和密码信息:
Connected to the target VM, address: '127.0.0.1:61411', transport: 'socket'
220 FTP Server ready.
USER *******
331 Password required for demo_user
PASS *******
230 User demo_user logged in
TYPE I
200 Type set to I
Disconnected from the target VM, address: '127.0.0.1:61411', transport: 'socket'
| 归档时间: |
|
| 查看次数: |
893 次 |
| 最近记录: |