Solved

FTP accepts wrong password

Posted on 2011-02-10
23
797 Views
Last Modified: 2012-05-11
Hi, when i connect the ftp server from PLSQL as well ftp explorer to connect. if i pass wrong password also it is getting connected to ftp from both the way. This behavior is happening from ftp explorer also. But not for every time. For example

Test@123 is a original password. But if i enter Test@12, Test@1234, Test@12345, etc it is connecting to ftp. But if i pass Correcti@12, Correct@12, something like other string, at that time it is throwing error like login incorrect. I am getting confused what may be the reason. Do we need clear cache of ftp something like that?

Thanks
0
Comment
  • 13
  • 7
  • 3
23 Comments
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
authentication in the FTP protocol consists of exactly 3 commands

USER  
PASS
ACCT   (this one isn't used much)

when an FTP server prompts you for a username, your ftp client must send a USER command with your username

such as


USER Test@123

the server might accept that, might reject it, or might accept it and ask for a password or account info

if you need a password, the server will respond to USER with a 331 request for pass
if you need account info, the server will respond to USEr with a 332 request for acct

the numbers determine the action, the text of the response may vary


There is nothing your client can do to help, hinder or change that behavior.







0
 
LVL 34

Expert Comment

by:johnsone
Comment Utility
The passwords are 8 characters.  It is only checking the first 8 characters.  Once you change something in the first 8 characters you will fail to login.
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
if you want to test and verify exactly what is going on with your server you can authenticate manually

telnet to your server on port 21
send USER, then depending on the response send PASS

QUIT when done


here's an example...
c:\>telnet myftpserver 21
220 (vsFTPd 2.0.5)
USER myuser
331 Please specify the password.
PASS misspelledpassword
530 Login incorrect.
PASS correctpassword
503 Login with USER first.
USER myuser
331 Please specify the password.
PASS correctpassword
230 Login successful.
QUIT
221 Goodbye.

Connection to host lost.

c:\>

Open in new window

0
 

Author Comment

by:Suriyaraj_Sudalaiappan
Comment Utility
so the problem is because of the ACCT info? Right now when i enter the user name and only it will ask the password in my ftp explorer but not ACCT info.
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
johnsone
- nothing in the FTP protocol for servers or clients states there is or should be an 8 character limit on passwords

Of course it's possible that a particular server might be implemented to enforce such a rule, but that would be odd
0
 
LVL 34

Accepted Solution

by:
johnsone earned 250 total points
Comment Utility
I have seen it at a server level.  Especially if the server is running a UNIX variant.  It just ignores the characters after the first 8.  While you think you have a longer password, you really don't.
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
>>>   so the problem is because of the ACCT info


Why would you assume that?

As stated above ACCT isn't normally used


But, it's easy to check,  when you telnet manually and send USER and/or PASS were you prompted with a 332 message?

If you weren't prompted for 332 request for ACCT, then your server didn't want it

0
 

Author Comment

by:Suriyaraj_Sudalaiappan
Comment Utility
Hi,

All my requirements are clear now. Customer had given windows ftp path to place my csv file. There i tried with invalid password. It is throwing error. It is not checking first 8 characters in Windows ftp server. But i check in UNIX ftp server at that time it is checking first 8 characters. Please let me know what is the difference between windows ftp and UNIX ftp?

And also is it possible to connect the ftip (windows or UNIX) without user name and password?

Thanks
0
 
LVL 73

Assisted Solution

by:sdstuber
sdstuber earned 250 total points
Comment Utility
it's entirely dependent on the server's configuration and security

if the server requires username and password then you must use them

if the server only accepts 8 character passwords, then you don't use 9 or more


nothing you do on the client (including changing clients)  can help, hinder or change the server's requirements
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
This phrase  "windows ftp path"  doesn't really make sense

you can have an ftp server running on windows
and you can have a directory path exposed from with the ftp server

is that what you mean? if so...

If your customer has given you a Windows ftp server that you are supposed to write to, then a different UNIX server is irrelevant.
0
 
LVL 34

Expert Comment

by:johnsone
Comment Utility
As far as I know, you cannot connect through ftp without a password.

If you change to using scp, you can set up the public and private keys to allow copying without a password.  This would require that sshd be running on a UNIX server.  If you are currently connecting to the UNIX server with ssh, then it should already be running.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
If you have any question at all about what the server is doing when authenticating,  I highly recommend trying the telnet steps mentioned and demonstrated above.

You won't have to worry about what your client software is or is not doing it'll be purel FTP protocol which is simple text.

Once you're authenticated or proven you can't authenticate, disconect with QUIT and you'll have your answer
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
>>> As far as I know, you cannot connect through ftp without a password.

Like the 8character password limit, it's up to the server to decide.

The FTP protocol does not require USER authentication, but it would be rather odd to leave it open completely so most server software will require a username, even if it's just anonymous

I say "most" because I'm sure somebody, somewhere has written a server that doesn't require it, but even so, that's not the case here.  The asker's customer has provided an FTP server and it requires a username and password.

I don't see how scp would help either, unless the Windows server running FTP is ALSO running a ssh daemon on the Windows box and configured it to accept scp.  But... even if that were true too, it still wouldn't apply because the goal here (based on previous question) is to write a csv to the remote server without the need of generating a physical file locally.  Hence the pl/sql ftp package
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
also note, there are FTP extensions that can provide additional security, the remote server might be using some of those.


again, as with all other features I've mentioned,  it's the FTP server that determines the rules.  You don't have any control over that
0
 

Author Comment

by:Suriyaraj_Sudalaiappan
Comment Utility
--you can have an ftp server running on windows
--and you can have a directory path exposed from with the ftp server
Yes that's correct sdstuber

--The asker's customer has provided an FTP server and it requires a username and password.
Customer had given only the path and host information. But they did not given any user name and password. When we tried to open the ftp host from customer network system it has connected without user name and password. Then we thought that this has not password protected.
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
if you were told to ftp to a particular server but weren't given a username/password to do so, then perhaps the server allows  anonymous login

when prompted for username use "anonymous"
it may or  may not prompt for a password, if it does, convention is to send your email address but most don't require it and you can pass anything
0
 

Author Comment

by:Suriyaraj_Sudalaiappan
Comment Utility
Hi, whatever ftp site we are trying to connect allows anonymous access. So without user name and password we can access the ftp site. But when i call the sdsftp package without user name and password it is throwing the error.

ORA-20001: Permanent error from FTP server: 530 Please login with USER and PASS.
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
>>> allows anonymous access. So without user name and password we can access the ftp site

That's not what anonymous access means

see previous post http:#34873343
0
 

Author Comment

by:Suriyaraj_Sudalaiappan
Comment Utility
Yes, i am passing "anonymous" username and password as NULL. Now i am able to login. below are the rsponse from dtp.

220 Microsoft FTP Service
331 Anonymous access allowed, send identity (e-mail name) as password.
230 Anonymous user logged in.
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
glad I could help, don't forget to close the question
0
 

Author Comment

by:Suriyaraj_Sudalaiappan
Comment Utility
hi sdstuber, what is the use another passive connection to transfer the file.
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
that's just how FTP works, check rfc959

one port to send commands another port to transfer data.

If you're communicating and transferring on the same port, you can't send commands for status or other changes.

FTP does support "active" transfers, but it's not possible to implement them using utl_tcp because utl_tcp doesn't expose what port its local port is  and active transfers aren't recommended practice anyway.
0
 

Author Closing Comment

by:Suriyaraj_Sudalaiappan
Comment Utility
GOOD ONE
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Right Function in Oracle SQL Query 6 49
PL/SQL Two statements 6 50
oracle query help 18 75
Oracle DATE Column Space 11 41
Note: this article covers simple compression. Oracle introduced in version 11g release 2 a new feature called Advanced Compression which is not covered here. General principle of Oracle compression Oracle compression is a way of reducing the d…
Cursors in Oracle: A cursor is used to process individual rows returned by database system for a query. In oracle every SQL statement executed by the oracle server has a private area. This area contains information about the SQL statement and the…
This video shows how to Export data from an Oracle database using the Datapump Export Utility.  The corresponding Datapump Import utility is also discussed and demonstrated.
This video shows how to Export data from an Oracle database using the Original Export Utility.  The corresponding Import utility, which works the same way is referenced, but not demonstrated.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now