Changes between Initial Version and Version 1 of Ticket #7859

Timestamp:

Nov 27, 2015, 8:48:48 AM (8 years ago)

Author:

Tim Kosse

Comment:

This is necessary to ensure interoperability with clients expecting a matching data connection IP in order to mitigate FTP data connection stealing attacks.

Especially if using IPv6 with enabled privacy extensions, failure to bind the data connection IP has adverse effects.

Generally you should avoid server-to-server transfers, they aren't secure.