Date: Tue, 12 Jun 2001 16:03:57 -0700 From: "Crist Clark" <crist.clark@globalstar.com> To: Evren Yurtesen <yurtesen@ispro.net.tr> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Jamie Norwood <mistwolf@mushhaven.net>, freebsd-security@FreeBSD.ORG Subject: Re: HTTP and FTP Message-ID: <3B269FDD.B5323617@globalstar.com> References: <Pine.BSF.4.33.0106130002570.63354-100000@finland.ispro.net.tr>
next in thread | previous in thread | raw e-mail | index | archive | help
Evren Yurtesen wrote: > > I wonder if it is possible in HTTP to make users login to their home dirs > automaticly and when they put files it goes in with their uid,gid and of > course they will login with their own passwords? etc. =) It should not be terribly difficult. > also what is the simplicity of that kind of setup compared with http > server instead of using an ftp server? Setting it up an HTTP server to allow anonymous file downloads is trivial since that is what 99.9% of the webservers on the Internet are doing right now. Allowing users to download from a home directory with a password is easy enough too. Writing (HTTP POSTs and PUTs) is a different matter. Most HTTP servers are not configured to do this in such a away as to mimic FTP's typical functionality. However, we are talking about computers. They do whatever you tell them. Getting an HTTP server to accept POSTs where the 'Authorization:' field provides a username for finding a home directory is definately do-able. I can't say off the top of my head whether you can get something like Apache to do this by just configuring it correctly or if you need to add new modules or hack source. And the other issue is finding a HTTP client that will push POSTs how you want. The main limitation when considering HTTP versus FTP is to remember that HTTP is stateless and FTP is not. There are other little things here and there that HTTP cannot do that FTP can. I do not believe HTTP has a mechanism to rename a file (without downloading, deleting, and uploading). Although it is easy enough to make your own implementation there is none in HTTP itself (I could easily be wrong, I don't know RFC2616 by heart). -- Crist J. Clark Network Security Engineer crist.clark@globalstar.com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster@globalstar.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B269FDD.B5323617>