[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev lynx: ftp anonymous password

From: RobertM
Subject: Re: lynx-dev lynx: ftp anonymous password
Date: Sat, 16 Feb 2002 08:13:09 +0000 (GMT)

a lot of this beingshed over already, my two penneth worth.
It is alleged that Eduardo P?rez typed:

> I've seen that lynx sends the user name when doing ANONYMOUS ftp gets.
> I see a lot of problems:
> - Sending the user name if the user doesn't know that it's sent doesn't 
> protect the user state of ANONYMOUS

Anonymous, as has been mentioned, merely means it's public and doesn't
require ormal local acess. you can normally supply ftp as the user
name rather than anonymous, which possibly makes it clearer that it's
public ftp access you're getting not anonymous.

> - Spyware is not a good idea, most users don't like it.

This isn't spyware, by convention, and by the message most FTP servers
provide, this is abiding by the request made by the FTP server.
In caseyou've not seen it the response to trying to login as
ftp/anonymous is normally something like:
Name: ftp
331 Guest login ok, send your email address as password.

Not it says to senb _your_ email address as password, to do otherwise
in the UK at least would actually be a criminal offence under the
computer misuse act, as it would constiture unauthorized access of a
computer system. For the record both Netscape and IE also send your
e-mail address if they know it, otherwise they send something like:

> - Sending the user name helps SPAM instead of stopping it. Many ftp sites 
> use this information to send you unsolicited email.

Do you have any data to back this up, having worked for over a year in
the abuse department of a large UK ISP, I have seen no evidence of
this what so ever. 

> - Sending the user name doesn't help ftp sites to know who the cracker is, 
> crackers are not stupid to send their email address.

What have crackers got to do with anything, if I'm providing a public
FTP service, they're hardly cracking anything. Sending the e-mail
address does help the site track how many different people are getting
any given file, with so many NATed addresses and such tracking IP
doesn't help this.

> - Sending the user name can be used to discriminate the user.

If for any reason a site wanted to deny access to a specific e-mail
address, then that's perfectly within thier rights. That said I'm not
aware of any FTPd that provides that sort of access control for
anonymous logins.

Really any patch which caused lynx to not provide your e-mail address
as the login fot anon ftp, would IMO be breaking lynx and reducing
it's usefulness. Not to mention it's standards compliance.

  "Ask not what I can do for the stupid, 
         but what the stupid can do for me" - Graeme Garden

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]