1. Technical Field of the Invention
This invention pertains to communication between computer systems, and more particularly to the control of anonymous file transfer protocol server using exit programs.
2. Background Art
File Transfer Protocol (FTP) is the standard application for transfer of files between computers attached to Transmission Control Protocol/Internet Protocol (TCP/IP) networks, including the Internet. FTP is a "client/server" application, such that a user runs a program on one computer system, the "client", which communicates with a program running on another computer system, the "server". The interface between the FTP client and server programs is officially defined by two Request For Comment (RFC) memoranda approved by the Internet Architecture Board of the Internet Society:
Postel, J. B., and Reynolds, J. K. "File Transfer Protocol (FTP)", RFC959, October, 1985.
Braden, R. (editor). "Requirements for Internet Hosts--Application and Support", RFC1123, October, 1989.
Normal operation of FTP requires the user to enter a user identifier and password for authentication on the server system. However, some system owners have the need to make some data files available as "public" data. To facilitate the transfer of such files, an informal protocol known as "anonymous FTP" has been developed which allows a user to obtain data from an FTP server without requiring normal user identifier and password authentication. There is no formal specification of anonymous FTP, but the following informational RFC describes its use:
Deutsch, P., Emtage, A., and Marine, A. "How to Use Anonymous FTP", RFC1635, May, 1994.
Anonymous FTP presents several problems to any owner of a server system which allows it:
1. How is access to the "public" data controlled?
2. How is data which are not considered to be "public" protected?
3. How can the system owner obtain statistics about access to public data?
It is an object of this invention to provide a system and method for overcoming these problems in the prior art by enabling selective denial or approval of anonymous logon requests based on any combination of a user authentication string and/or client network address; and selective denial or approval of anonymous action requests based on any combination of type of request, user, and/or client network address, and or the specific data requested.