Restrict remote listing of folders? #6

Open
varenius opened this issue Apr 21, 2021 · 2 comments

Comments

@varenius

Maybe I have misunderstood, but it seems to me that etc client users can remotely list any directory on the receiving etd system. This seems like an issue. I think it could be good to be able to turn off remote directory listing (explicit requests, not listings needed to e.g. resume transfers), and/or restrict the listing to particular directories.

@haavee
Member

haavee commented Apr 21, 2021

The original design (and the Python prototype / proof-of-concept) had an "access model" built in for restricting read and/or write permissions. To do that right (user-based rights et cetera) this quickly becomes a very difficult topic (becoming an AAI - Authentication and Authorization Infrastructure), and pending user take-up this was not propagated (yet) to the C++ implementation, but probably should be.

Thanks for reporting this; let's leave this here as an "action item".

@varenius
Author

Right. For me personally, it's fine "as is". But I imagine some places around the world with very high security guidelines may refuse to install the software if it's possible to list the files remotely. So perhaps a simple switch to etd at start time to just not allow this for anyone could be a way around those limitations (and to get the data to those places). More fine-grained role access control is of course more involved, but probably not needed for most (any?) practical applications. We "just need to get the data there" (tm).
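
The two restrictions discussed in this thread (a start-time switch that disables explicit remote listings, and limiting listings to particular directories) can be sketched as one check. This is an added example, not code from the thread or from etd; `ListingPolicy`, `listing_allowed` and the sample paths are hypothetical names, and it assumes no symlinks below the allowed roots.

```cpp
// Added illustration: hypothetical names, not part of etd's code base.
#include <filesystem>
#include <string>
#include <vector>

namespace fs = std::filesystem;

// Hypothetical start-up policy for a receiving daemon.
struct ListingPolicy {
    bool allow_explicit_listing = false;   // the "simple switch": off by default
    std::vector<fs::path> roots;           // absolute directories that may be listed
};

// Lexically collapse "." and ".." and drop a trailing slash.
// Assumption: no symlinks under the roots; a real daemon would resolve them
// (for example with fs::weakly_canonical) before comparing.
static fs::path normalise(const fs::path& p) {
    fs::path n = p.lexically_normal();
    if (!n.has_filename() && n.has_relative_path()) n = n.parent_path();
    return n;
}

// True when every component of root is a leading component of p.
// Comparing components, not characters, keeps "/data/incoming2" outside
// a root of "/data/incoming".
static bool is_within(const fs::path& root, const fs::path& p) {
    auto q = p.begin();
    for (auto r = root.begin(); r != root.end(); ++r, ++q)
        if (q == p.end() || *r != *q) return false;
    return true;
}

// explicit_request: true for a client-issued listing, false for a listing the
// daemon performs itself, e.g. to resume a transfer.
bool listing_allowed(const ListingPolicy& policy, const std::string& requested,
                     bool explicit_request) {
    if (explicit_request && !policy.allow_explicit_listing) return false;
    const fs::path p = normalise(requested);
    if (!p.is_absolute()) return false;    // refuse paths relative to the daemon's cwd
    for (const auto& root : policy.roots)
        if (is_within(normalise(root), p)) return true;
    return false;
}
```

With an empty `roots` list every listing is refused, so a deployment that forgets to configure directories fails closed.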
