On Fri, Mar 21, 2008 at 5:43 AM, Robert E. &lt;<a href="mailto:report@bugs.python.org">report@bugs.python.org</a>&gt; wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
Robert E. &lt;<a href="mailto:robert@re-factory.de">robert@re-factory.de</a>&gt; added the comment:<br>
<div class="Ih2E3d"><br></div>Concerning the plain-text login. I think a FTPS class should default to<br>
encrypted login (you could use the ftp class if you dont want). In no<br>
way should the login credentials be sent unencrypted on default. Using<br>
another parameter might be a soulution to that, though I would prefer<br>
the library to raise an error if establishing an FTPS connection did not<br>
succeed. The main program could then catch it and decide how to proceed<br>
(using plain ftp or aborting according to a given policy).</blockquote><div><br>Sounds reasonable to me.<br><br>Note that FTP is an old and somewhat gnarly protocol, and<br>doesn&#39;t work the way more recent application protocols do.&nbsp; The SSL<br>
module is designed for TCP-based single-connection call-response<br>protocols, more or less.&nbsp; Doing FTPS right might mean we&#39;d have to<br>extend it.<br><br></div></div><br>