Closed Bug 310204 Opened 19 years ago Closed 3 years ago

UI pref to change anonymous ftp password (the default, mozilla@example.com, is rejected by ftp.mayo.edu)

Categories

(Firefox :: Settings UI, enhancement)

Product:
Firefox
Component:
Settings UI
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INACTIVE

People

(Reporter: zanella, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7

There needs to be a way to set the anonymous ftp password for sites that use
strict password checking for anonymous ftp passwords. 

for instance, if you connect to ftp://ftp.mozilla.org, you are logged in. 

if you try ftp://ftp.mayo.edu, you get a "login incorrect"

Mozilla had this feature, and you could find it in prefs.js as. it was 
entered in edit -preferences - advanced. 

user_pref("network.ftp.anonymous_password", "zanella@mayo.edu"); 



Reproducible: Always

Steps to Reproduce:
1.point browser at ftp://ftp.mayo.edu 
2.login incorrect
3.
You can go to about:config to set the pref.
Or just use a link like ftp://ftp:zanella%40mayo.edu@ftp.mayo.edu

Resolving Invalid (in the not-a-bug sense)
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Using the link:

ftp://ftp:zanella%40mayo.edu@ftp.mayo.edu

as suggested worked. Thanks for the point out. 

I still think that this is a feature that needs to be added back into
edit-preferences (so, maybe not a bug anymore). For one thing, the
every-man-on-the-street won't know to edit prefs.js to add this in. Second,
adding it in manually still doesn't work and/or editing it with about:config
does not work. 

Did a good 30 minutes of googling on this problem and it's quite apparent that 
there are many others out there that are encountering it (incorrect login).
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Looking at the code, the preference "advanced.mailftp" also needs to be set to
"true" before network.ftp.anonymous_password will be obeyed.  Though this may
change in the future, see bug 208821.

In any case, removing the UI was intentional.  It is much better to use an FTP
link as shown, since you have control over which servers get your email address.
 If you set the prefs, every anonymous FTP connection gets your email address.

Response?
Adding advanced.mailftp fixed it. Thanks. 

I also just learned that ftp://ftp:zanella\@mayo.edu@ftp.mayo.edu
works as well. 

As far as not adding something back into the UI just because 
you don't want an ftp server to get your email address assumes
that you are giving it a real email address. 

When strict password checking is turned on for some anonymous ftp servers
(wu-ftp for one), it is only looking a legitimate *looking* password, in other
words, something before and something after an @. 

So...maybe the solution isn't to add it back into the UI, but rather put 
put the two entries necessary for anonymous ftp back into the pref.js on the
distribution, and put in a bogus email address (bit-bucket@noreply.com). 
The bogus address mozilla@example.com is used if no other anonymous password is
provided (no prefs necessary, it's hard-coded into the Mozilla FTP
implementation).  ftp.mayo.edu seems to be coded to recognize, and disallow
access, when that address is provided (based on quick testing).

The user-experience when this happens has been improved in more recent versions
of Firefox/Mozilla.  Bug 124561 was fixed, so when the initial login attempt
fails, you are prompted to supply a different password.

Do those two items address your concerns?  Or would you still like to see the
default anonymous password easily configurable?
Severity: normal → enhancement
Summary: no way to set anonymous ftp password on ftp sites with strict password checking → UI pref to change anonymous ftp password (the default, mozilla@example.com, is rejected by ftp.mayo.edu)
Strange...if I use command line ftp to ftp.mayo.edu and supply
mozilla@example.com, I get a login failure. But when I keep the session open,
and supply "user ftp" and the same mozilla@example.com, it lets me in.
ftp.mayo.edu is a redhat box (or some derivative)..I wouldn't be surprised if
they had some code in there disallowing example.com. 

"Bug 124561 was fixed, so when the initial login attempt
fails, you are prompted to supply a different password."

I'm using firefox 1.0.7 on Linux and I don't get a prompt after the first
failre. 

Your call really...I would be  happy with a 2nd popup or a 
a place in the UI to configure the default anon ftp password. I think my
preference is toward the latter, but only because we had that in
mozilla/netscape for so many years. 

Use a Firefox 1.5 beta to see the new login behavior.

>But when I keep the session open, and supply "user ftp" and the same
>mozilla@example.com, it lets me in.

I don't see that behavior; I always get a login failure.

Confirming as an enhancement request and moving to Preferences.  I tend to think
this is a wontfix (not enough people would use it to warrant exposing the prefs
in the user interface), but that's not my decision to make.
Status: UNCONFIRMED → NEW
Component: General → Preferences
Ever confirmed: true
QA Contact: general → preferences
OS: Linux → All
Hardware: PC → All
Version: unspecified → Trunk
firefox 3.01 anonymous ftp broken

url is 
ftp://ftp.gnu.org/gnu/ghostscript/

works fine on IE.
tried connecting to ftp.gnu.org using Filezilla ftp client using 
username: anonymous
password: mozilla@example.com
connected just fine and gave a file list.  doesn't matter whether I use active or passive, I can still connect.

strange - ff works now for some reason - wasn't working before. something's flaky here.  the only thing I did was 
ftp://ftp.gnu.org:anonymous
the owner of the site said it doesn't take a password.  after that all worked, even if I closed the tab and made a new tab and tried ftp://ftp.gnu.org/gnu/ghostscript/

http://gbiv.com/protocols/uri/rfc/rfc3986.html#authority
URI's
'Use of the format "user:password" in the userinfo field is deprecated. Applications should not render as clear text any data after the first colon (":") character found within a userinfo subcomponent unless the data after the colon is the empty string (indicating no password).
Applications may choose to ignore or reject such data when it is received as part of a reference and should reject the storage of such data in unencrypted form. The passing of authentication information in clear text has proven to be a security risk in almost every case where it has been used.'
the ftp://ftp.mayo.edu site's anon access is not normal. see the FTP log:

Status:	Resolving address of ftp.mayo.edu
Status:	Connecting to [ip deleted]:21...
Status:	Connection established, waiting for welcome message...
Response:	220-        Welcome to the Mayo Foundation FTP server.
Response:	220-        All sensitive data must be properly encrypted!
Response:	220-        PLEASE- delete files after they are transferred both for 
Response:	220-                security and to conserve disk space.
Response:	220-        Anonymous FTP users ONLY:
Response:	220-        - All files/directories go under /pub
Response:	220-        - Files will be deleted after 5 days
Response:	220-        Anonymous access to this server has changed. Please contact
Response:	220-        the Mayo Help Desk at (507) 284-5500 for more information.
Response:	220 
Command:	USER anonymous
Response:	331 Please specify the password.
Command:	PASS **************
Response:	530 Login incorrect.
Error:	Could not connect to server


This may be why the OP could not get access to this site.
Status: NEW → RESOLVED
Closed: 19 years ago3 years ago
Resolution: --- → INACTIVE
See Also: → kill-ftp
You need to log in before you can comment on or make changes to this bug.