On Thu, Dec 13, 2001 at 03:28:49PM +0100, Michel Arboi wrote: > Renaud Deraison <deraisonat_private> writes: > > > With this kind of check, I usually prefer when there's a "failsafe" > > solution. ie > [snip] > > I suppose I also should handle the "safe check" option :-\ Yes, but it's the same as not having a login/password/whatever. Actually, the complete logic should be : --- if(!safe_checks()) { if(login && password && have_a_writeable_dir) { if(could_log_in) { # actually test for the flaw exit(0); } } } # # Fail-safe - pattern matching on the banner # banner = get_kb_item(string("ftp/", port, "/banner")); if(!banner) .... do_some_regexp(banner); --- This is more fine-grained than in my previous post, as it helps to do the test, even if something goes wrong (can't log in any more for some reason, or ftp server went down). -- Renaud
This archive was generated by hypermail 2b30 : Thu Dec 13 2001 - 06:37:10 PST