Back door in ProFTPD FTP server (The H)

Here is what people want for their businesses:
* What is needed is a daemon that supports multiple protocols. HTTP, FTP, SFTP/SCP.
* This program must maintain it's own database of users seperate from Unix. So you can setup throw away accounts, one time use accounts, and be able to add/remove users without mucking around with changing directories or permissions low-level.
* The files it deposits on the server must be only be logically mapped to what the user sees. That is the directories and permissions you see when you 'sftp example.com' is going to be different from what is actually on the server. This way it would be easy to setup files and directories on the Unix side that is easy to program and compartmentalize for different departments without engaging into weird and complex ACLs and that sort of thing. This way you can add and remove external users and junk like that without having to edit scripts and programs and such.
* Optionally the files need to be able to be deposited into a SQL database instead of file system. This is to avoid complex file locking issues and provide a familar interface for many programmers.
* Integrated PGP support for testing signatures, encrypting, decrypting files on the fly. So that if you have a customer who requires PGP signed files you can enable that with a flip of the switch.

Think of it as SFTP as a JBOSS program. If somebody like Redhat was to create something like that it would be a big hit with many enterprises. There are currently a shitload of expensive and poorly programmed applications that do this sort of thing for businesses. If there is a good open source one already I am very sorry for missing it.

I know that it's horrible and distasteful. But it's what they want.

I've worked for several different businesses of radically different stripes for nearly a decade. Ranging from 200 employees to several thousand. They were all very different, but they all had in common that they required sending signficant data to and from customers and vendors as a core business requirement. Due to regulatory concerns, contractual obligations, and just plain stupid bias they had to deal with multiple protocols and formats of the data based on customer and vendor preference... lots of stuff like ftp is entirely not up to them.

If somebody like IBM or Redhat or some other big name that is trusted and has experience with the regulatory issues created a application like this that was cheap and easy to deploy then it would go a very long way to killing ftp once and for good.

I believe it was Windows IIS, Linux (all the FTP daemons seemed to just use ls format) and I think BSD had one just a little different.

At least it has the command.

> Good luck-- you'll have to write N different parsers for your favorite N different ftp servers.

It is probably not very hard considering I never met nor even heard about this problem before now.