[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Suggestion: Use wildcards for specifying collection
|
From: |
Nathaniel Smith |
|
Subject: |
Re: [Monotone-devel] Suggestion: Use wildcards for specifying collections |
|
Date: |
Fri, 15 Apr 2005 23:32:15 -0700 |
|
User-agent: |
Mutt/1.5.8i |
On Fri, Apr 15, 2005 at 02:40:03PM +0200, Jon Bright wrote:
> Nathaniel Smith wrote:
> >
> >Can you elaborate on these scp/sftp issues? I'm not quite following
> >why I should be nervous about letting the other side run regexp
> >matching on my behalf.
>
> With SCP/SFTP, there was additionally the issue about the remote side
> effectively gaining the ability to create arbitrarily-named files on
> your side (at least within your current directory). Monotone doesn't
> have this, but the server would have the ability to arbitrarily decide
> which branches fit your regexp and fill up your DB. Not critical, and I
> can't think of any worse consequences of it - but if possible, keeping
> the decisions about what goes into my DB on my client's side seems like
> good practice... it's more of a feeling thing than a specific vulnerability.
Ah. This doesn't seem to apply here. netsync actually works by
reconciling merkle tries; the server only uses the regex for deciding
what to put into its merkle trie. If the client wants to stop the
server from sending random junk, it has to check later anyway, after
reconciling, when it actually starts getting the random junk to look
at.
-- Nathaniel
--
"But in Middle-earth, the distinct accusative case disappeared from
the speech of the Noldor (such things happen when you are busy
fighting Orcs, Balrogs, and Dragons)."