Path: utzoo!utgpu!utstat!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!agate!helios.ee.lbl.gov!ace.ee.lbl.gov!jef From: jef@ace.ee.lbl.gov (Jef Poskanzer) Newsgroups: comp.sources.d Subject: Re: alt.sources archiving Message-ID: <2165@helios.ee.lbl.gov> Date: 21 Mar 89 19:00:19 GMT References: <448@ssbell.UUCP> Sender: usenet@helios.ee.lbl.gov Reply-To: Jef Poskanzer Organization: Paratheo-Anametamystikhood Of Eris Esoteric, Ada Lovelace Cabal Lines: 62 In the referenced message, kent@ssbell.UUCP (Kent Landfield) wrote: }Jef Poskanzer in <10985@well.UUCP> writes: }# Why do you want to store the postings in a filename specified by the poster, }# with all the security issues that brings up? } }I really fail to see a security issues problem as long as archivers do not }use absolute paths. Everyone keeps failing to see the security issue. All right, I'll be specific: if you are doing automatic archiving using filenames contained in or in any way derived from the postings, then you are vulnerable to having your archive overwritten. Let's say Person A posted some software to some sources group, and Person B had a grudge against Person A. Person B can send out a fake article with the same Archive-name: header, and trash Person A's software all over the net. Or there could be an accidental name-space collision. This is not a problem with the moderated sources groups -- I assume that all the moderators always check whether a name has been used before assigning it -- but it would definitely be a problem with an unmoderated sources group such as alt.sources. Oh yeah, remember alt.sources? That's what we are talking about here. }Jef Poskanzer in <10985@well.UUCP> writes: }# What's wrong with just saving the posting in a numbered file, grepping }# out the From: and Subject: lines to save in an index, and compressing }# the file? } }Chip Rosenthal in <763@vector.UUCP> writes: }# Boy...that's a giant step backwards. What's wrong with doing all of }# that, but using a meaningful name instead of a random number? } }Nothing is wrong with Jef's approach. It is the Message-ID method of }archiving. Bad name, since the filename has nothing at all to do with the Message-ID header line in the message. Or did you want me to bring up security again? } Optimally, all source posted to any }newsgroup would have headers specifying the appropriate information so }that archivers could use a "meaningful name". Currently though, that is }not the case. What's all this stuff about "meaningful names"? Why do you care what filename a posting gets stored in? If you are archiving any substantial quantity of source, you have to use an index to find things anyway, so why bother with any additional (insecure) mechanism? } I would like to see a move towards auxiliary headers on all sources }posted to any newsgroup, whether they are moderated or not. Well, you won't see such a move. Certainly it's easier *for you* if everyone on the net follows the standard *you* like when posting source; but people don't generally do what's easier *for you*. They do what's easier *for them*. Seems to me that a simple, robust mechanism that works with people's actual behaviour is preferable to requiring people to change their behaviour and flaming them when they don't. --- Jef Jef Poskanzer jef@helios.ee.lbl.gov ...well!pokey Driver has no cache.