SF patch #497420 (Eduardo Pérez): ftplib: ftp anonymous password

Instead of sending the real user and host, use "anonymous@" (i.e. no host name at all!) as the default anonymous FTP password. This avoids privacy violations.
2001-12-28 20:54:28 +00:00 · 2001-12-28 20:54:28 +00:00 · c33e077838
parent 5560269675
commit c33e077838
3 changed files with 11 additions and 18 deletions
--- a/Doc/lib/libftplib.tex
+++ b/Doc/lib/libftplib.tex
@ -20,7 +20,7 @@ Here's a sample session using the \module{ftplib} module:
 \begin{verbatim}
 >>> from ftplib import FTP
 >>> ftp = FTP('ftp.cwi.nl')   # connect to host, default port
->>> ftp.login()               # user anonymous, passwd user@hostname
+>>> ftp.login()               # user anonymous, passwd anonymous@
 >>> ftp.retrlines('LIST')     # list directory contents
 total 24418
 drwxrwsr-x   5 ftp-usr  pdmaint     1536 Mar 20 09:48 .
@ -121,10 +121,7 @@ Log in as the given \var{user}.  The \var{passwd} and \var{acct}
 parameters are optional and default to the empty string.  If no
 \var{user} is specified, it defaults to \code{'anonymous'}.  If
 \var{user} is \code{'anonymous'}, the default \var{passwd} is
-\samp{\var{realuser}@\var{host}} where \var{realuser} is the real user
-name (glanced from the \envvar{LOGNAME} or \envvar{USER} environment
-variable) and \var{host} is the hostname as returned by
-\function{socket.gethostname()}.  This function should be called only
+\code{'anonymous@'}.  This function should be called only
 once for each instance, after a connection has been established; it
 should not be called at all if a host and user were given when the
 instance was created.  Most FTP commands are only allowed after the
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@ -351,19 +351,14 @@ class FTP:
        if not passwd: passwd = ''
        if not acct: acct = ''
        if user == 'anonymous' and passwd in ('', '-'):
-            # get fully qualified domain name of local host
-            thishost = socket.getfqdn()
-            try:
-                if os.environ.has_key('LOGNAME'):
-                    realuser = os.environ['LOGNAME']
-                elif os.environ.has_key('USER'):
-                    realuser = os.environ['USER']
-                else:
-                    realuser = 'anonymous'
-            except AttributeError:
-                # Not all systems have os.environ....
-                realuser = 'anonymous'
-            passwd = passwd + realuser + '@' + thishost
+	    # If there is no anonymous ftp password specified
+	    # then we'll just use anonymous@
+	    # We don't send any other thing because:
+	    # - We want to remain anonymous
+	    # - We want to stop SPAM
+	    # - We don't want to let ftp sites to discriminate by the user,
+	    #   host or country.
+            passwd = passwd + 'anonymous@'
        resp = self.sendcmd('USER ' + user)
        if resp[0] == '3': resp = self.sendcmd('PASS ' + passwd)
        if resp[0] == '3': resp = self.sendcmd('ACCT ' + acct)
--- a/Misc/ACKS
+++ b/Misc/ACKS
@ -330,6 +330,7 @@ Randy Pausch
 Marcel van der Peijl
 Samuele Pedroni
 Steven Pemberton
+Eduardo Pérez
 Tim Peters
 Chris Petrilli
 Geoff Philbrick