Path: utzoo!utgpu!utstat!jarvis.csri.toronto.edu!rutgers!usc!gem.mps.ohio-state.edu!uakari.primate.wisc.edu!ames!haven!uvaarpa!randall
From: randall@uvaarpa.virginia.edu (Randall Atkinson)
Newsgroups: comp.protocols.tcp-ip
Subject: Re:  BITNET -- Internet capabilities
Message-ID: <1230@uvaarpa.virginia.edu>
Date: 25 Oct 89 17:04:46 GMT
References: <8910251138.AA11562@alw.nih.gov>
Reply-To: randall@uvaarpa.Virginia.EDU (Randall Atkinson)
Distribution: inet
Organization: University of Virginia, Charlottesville
Lines: 27

In article <8910251138.AA11562@alw.nih.gov> RAF@CU.NIH.GOV ("Roger Fajman") writes:

>I wish the Internet had BITNET-style sender-initiated file transfer
>that did not require the sender to know the receiver's password.  It's
>very convenient.  Sending files as email is not very user friendly.

The ability of some arbitrary user elsewhere on a network I'm connected
to to put files in my account without (at least) password protection 
is a security hole.  I'm glad my systems aren't directly connected to BITNET.

ftp and sending files as mail do work, though I concede a better user
interface could be devised if someone had the time (I don't).

By the way, those of you running a sendmail that has a "decode" alias
built-in (as I gather a number of popular workstations do) may well
want to remove it.  An acquaintance at a workstation firm tried to mail
some font files to me using "decode@domain" and was startled that my
systems have that disabled and apparently hadn't realised what a security
hole it can be...

Regrettably security isn't something most vendors have been paying
much attention to until just now and the continuing problems with
DECnet virii and worms and the infamous Internet worm seem to have
had limited impact on most folks...

  Ran
  randall@virginia.EDU