CODEWITHSUNDEEP
javaapacheftpftp-client
Srujan Kumar Gulla
Srujan Kumar Gulla

Reputation: 5851

Apache FtpClient prints out password in logs

When it invokes ftp.login(user,pwd) it starts printing password and username which is kind of sensitive to expose to. Is there a way around to not have it printing the password.

Output:

220 <xxxx>- FTP Server ready
USER <prints username here>
331 Password required for <username>
PASS <printspassword here>
230 User <username> logged in

Code:

public FTPDownloadBB(String host, String user, String pwd) throws Exception
{
        FTPClient ftp ftp = new FTPClient();
        ftp.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out)));
        int reply;
        ftp.connect(host);
        reply = ftp.getReplyCode();
        if (!FTPReply.isPositiveCompletion(reply))
        {
            ftp.disconnect();
            throw new Exception("Exception in connecting to FTP Server");
        }
        ftp.login(user, pwd);
        ftp.setFileType(FTP.BINARY_FILE_TYPE);
        ftp.enterLocalPassiveMode();
}

Upvotes: 4

Views: 2175

Answers (2)

Liam Stewart
Liam Stewart

Reputation: 76

You can suppress the login details while retaining protocol logging by passing an additional boolean into the PrintCommandListener like so:

FTPClient ftp = new FTPClient();
ftp.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out), true));

According to the JavaDoc, this overloaded constructor provides the following utility:

/**
 * Create an instance which optionally suppresses login command text.
 *
 * @param writer where to write the commands and responses
 * @param suppressLogin if {@code true}, only print command name for login
 *
 * @since 3.0
 */

Which we can see here in the resultant logging, where the user and password information are suppressed:

Connected to the target VM, address: '127.0.0.1:61411', transport: 'socket'
220 FTP Server ready.
USER *******
331 Password required for demo_user
PASS *******
230 User demo_user logged in
TYPE I
200 Type set to I
Disconnected from the target VM, address: '127.0.0.1:61411', transport: 'socket'

Upvotes: 6

Kilo Koks
Kilo Koks

Reputation: 41

4all with same issue, just replace:

ftp.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out)));

with:

  ftp.addProtocolCommandListener(new ProtocolCommandListener() {
        @Override
        public void protocolReplyReceived(ProtocolCommandEvent arg0) {
        }

        @Override
        public void protocolCommandSent(ProtocolCommandEvent arg0) {
        }
    });

Upvotes: 2

Related Questions