Steven Taschuk <staschuk@[...].net>  wrote in message news:<mailman.1048222276.31387.python-l
ist@[...].org> ...
>  Quoth Dan Nyanko:
>  > What I have working so far is the client can send a file across the
>  > link to the server, and it is written into the directory that the
>  > server program resides in.  I would like to add an authentication step
>  > that would send it to the valid users home directory, e.g.
>  > /home/cp_ru/filename.tar.gz
>  
>  Can't the client just specify a filename of "/home/cp_ru/filename"?

Yes, but I want transparency.  The server should be smart enough to
say, "hey this is cp_ru, and his password is valid.  Therefore, I
should store his file into his home directory.

>  That seems to do more or less what you want, but it points out a
>  gaping security hole in the server; the client could specify a
>  filename of, say, "/etc/passwd", which would be bad.  (I assume
>  the server is running as root so it can bind to port 510.)

Yes I see your point.  Obviously I'll need the server to run as an
unprivileged user that only has read/write to the validated user's
home directory.

I put port 510 for no other reason that I was reading about FCP when I
wrote the program.  I guess I was thinking along the lines of
cryptography and a secure protocol for sending files across tcp/ip... 
Of course, my code does not accomplish any of that but I would like
for it to do so in the future.

>  Why not just use ftp or sftp?

This is a learning project and a hobby.  Using existing programs is
not why a person visits comp.lang.*
-- 
http://mail.python.org/mailman/listinfo/python-list