A typical explicit FTPS session might consist of the following sequence of commands:
> USER (user-name)    Provide user-name
> PASS (password)     Provide password
> LIST                Get a directory listing
> AUTH TLS            Switch to TLS on control-channel
> RETR (file-name)    Download a file (without security)
> PBSZ 0
> PROT P              Switch to TLS on the data-channel
> STOR (file-name)    Upload a file (with security)
> QUIT                End session
In this example, the first three commands (USER, PASS, and LIST) are standard FTP and therefore insecure. The AUTH command causes the rest of the commands to be sent to the server securely; in other words, an attacker cannot see which commands are issued. The RETR command (which fetches a file from the server) comes after AUTH and is therefore protected, but the file it transfers is not protected, because the transfer precedes the PBSZ and PROT commands. PBSZ and PROT tell the server to use TLS on all future data-channels, so the file transferred by the STOR command (which stores a file on the server) is secure.
There are two rules regarding the issuing of explicit FTPS commands that must be followed:
1. AUTH must precede PBSZ
2. PBSZ must precede PROT
Apart from these, an FTPS server has policies regarding access permissions to its resources. These policies also determine the order in which commands must be issued. There are too many possible policies to list here, but a few examples are given below, along with their consequences for the issuing of commands.
| Policy | Consequences |
|---|---|
| No unprotected commands | AUTH must be issued before any other commands. |
| Certain users are not permitted to log in without security. | The USER command is rejected for particular users unless preceded by a successful AUTH command. |
| No unprotected data may be transferred | A 'PROT P' command (preceded by a PBSZ command) must be issued before any files are transferred. |
| Allow TLS authentication instead of USER/PASS authentication | A client certificate must be supplied and USER/PASS commands are not required. |
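The example session, the two ordering rules and the "no unprotected commands" and "no unprotected data" policies above can be checked mechanically. The following Python sketch is an added example, not part of the original documentation; the function names, the user name and the file names are assumptions made for illustration.

```python
# Added example: audit an explicit FTPS command sequence for the ordering
# rules and for commands or data that would travel without TLS.
DATA_CMDS = {"LIST", "NLST", "RETR", "STOR", "APPE"}  # these open a data channel

def audit(commands):
    """Return (rows, rule_errors); each row is (verb, control_tls, data_tls)."""
    auth = pbsz = False   # has AUTH / PBSZ been accepted so far?
    prot = "C"            # data-channel level: clear until 'PROT P'
    rows, rule_errors = [], []
    for line in commands:
        parts = line.split()
        if not parts:
            continue
        verb = parts[0].upper()
        control_tls = auth    # the AUTH command itself is still sent in the clear
        data_tls = None       # None: this command opens no data channel
        if verb == "AUTH":
            auth = True
        elif verb == "PBSZ":
            if auth:
                pbsz = True
            else:
                rule_errors.append("PBSZ before AUTH")
        elif verb == "PROT":
            if pbsz:
                prot = parts[-1].upper()
            else:
                rule_errors.append("PROT before PBSZ")
        elif verb in DATA_CMDS:
            data_tls = auth and prot == "P"
        rows.append((verb, control_tls, data_tls))
    return rows, rule_errors

def policy_findings(rows):
    """Verbs that break 'no unprotected commands' and 'no unprotected data'."""
    clear_cmds = [v for v, ctl, _ in rows if not ctl and v != "AUTH"]
    clear_data = [v for v, _, data in rows if data is False]
    return clear_cmds, clear_data

# Constructed input: the session from the text, with made-up arguments.
SESSION = ["USER alice", "PASS example-password", "LIST", "AUTH TLS",
           "RETR report.txt", "PBSZ 0", "PROT P", "STOR upload.txt", "QUIT"]

if __name__ == "__main__":
    rows, errors = audit(SESSION)
    for verb, ctl, data in rows:
        print(f"{verb:5} control_tls={ctl!s:5} data_tls={data}")
    print("rule errors:", errors)
    print("policy findings:", policy_findings(rows))
```

For the session in the text, the audit reports no ordering errors but flags USER, PASS and LIST as unprotected commands, and LIST and RETR as unprotected data transfers.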