Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!brutus.cs.uiuc.edu!apple!agate!ucbvax!CU.NIH.GOV!RAF
From: RAF@CU.NIH.GOV ("Roger Fajman")
Newsgroups: comp.protocols.tcp-ip
Subject: Re:  BITNET -- Internet capabilities
Message-ID: <8910272228.AA20754@alw.nih.gov>
Date: 27 Oct 89 22:29:34 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 30

> >I wish the Internet had BITNET-style sender-initiated file transfer
> >that did not require the sender to know the receiver's password.  It's
> >very convenient.  Sending files as email is not very user friendly.
>
> The ability of some arbitrary user elsewhere on a network I'm connected
> to to put files in my account without (at least) password protection
> is a security hole.  I'm glad my systems aren't directly connected to BITNET.
>
> ftp and sending files as mail do work, though I concede a better user
> interface could be devised if someone had the time (I don't).

You misunderstand the way that BITNET file transfer works.  While it's
up to the implementor, the general rule is that incoming files are
stored on spool or in some other temporary area.  The receiving user is
notified that a file is waiting for him.  He then is able to decide to
accept or reject the file.  If he accepts it, he generally is able to
rename it before it is stored in his own area.  Thus there is no
security loophole.

The whole business is analogous to mail.  The difference is in the user
interface at each end.  A file to be sent is not composed on the spot
and a file to be received is not displayed on the user's screen (except
upon request).  Files can be text or binary data.

The fact that people often UUENCODE files and send them as mail shows
that the desire for this type of file transfer is out there.
I've heard it said that the space required to store temporary copies of
tranfered files would be prohibitive.  BITNET sites generally do not
find that to be so.  Anyway, the space is being used anyway when the
files are being sent as mail.