From: Brooks Davis
To: Terry Lambert
Cc: Peter Pentchev, freebsd-arch@FreeBSD.ORG
Date: Wed, 14 Mar 2001 16:15:55 -0800
Subject: Re: [PATCH] add a SITE MD5 command to ftpd
Message-ID: <20010314161555.A4984@Odin.AC.HMC.Edu>
References: <20010314084651.A23104@ringworld.oblivion.bg> <200103142342.QAA09233@usr08.primenet.com>

On Wed, Mar 14, 2001 at 11:42:36PM +0000, Terry Lambert wrote:
> I'm of the opinion that if you were a site, and you supported
> a large number of connections, it would not be in your best
> interests to implement this feature: it has dubious value at
> best, and it costs you resources to do the calculation.

This is a reasonable objection to the implementation in question, but
not to the concept as a whole. If you just cache the MD5 and the mtime
at the time of the MD5 you only pay for files that have never been
MD5ed or have changed since you last MD5ed them. You could easily
cache them either in files the ftp server ignores like .md5. or in a
shared cache file. Neither would be all that difficult to implement.
The VFS option someone else mentioned could work the same way except
being more efficient.

I'm, frankly, completely mystified by the various comments about this
not being a security feature. Of course it's not. That's blindly
obvious. That's not the point. As long as it's an option I frankly
don't see how it could possibly hurt things and I can't see any good
reason why a reasonable implementation wouldn't spread if people
started using clients that could take advantage of it.

As for the problem that many distfiles are distributed via HTTP, you
could trivially build an apache module to add a non-standard HTTP
header so you could do a "HEAD /file/I/want/to/check HTTP/1.1" and get
the MD5 from that. Obviously you wouldn't always want it on and it
wouldn't work very well on dynamically generated content, but there
doesn't seem to be any problem with using it on distfile directories.
The comments above on caching the results apply here as well.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
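
Added example (not part of the original message or of the ftpd patch under discussion): a sketch of the MD5-plus-mtime cache described above, using the shared-cache-file variant. The cache file name, the JSON layout and the extra size check are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile

CACHE_NAME = ".md5cache.json"  # hypothetical shared cache file name


def file_md5(path, bufsize=1 << 16):
    """Hash the file in chunks so large distfiles are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()


def load_cache(cache_path):
    try:
        with open(cache_path) as f:
            return json.load(f)
    except (OSError, ValueError):
        return {}  # missing or corrupt cache: everything gets rehashed


def save_cache(cache_path, cache):
    # Write to a temp file and rename so readers never see a partial cache.
    # The cache must not be writable by upload users, or they choose the digest.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(cache_path) or ".")
    with os.fdopen(fd, "w") as f:
        json.dump(cache, f)
    os.replace(tmp, cache_path)


def cached_md5(path, cache):
    """Return (digest, recomputed); rehash only if never hashed or changed."""
    st = os.stat(path)  # stat before hashing: a racing write forces a rehash later
    key = os.path.abspath(path)
    entry = cache.get(key)
    # Size is compared as well as mtime (an assumption beyond the message)
    # to catch edits that land within one timestamp tick.
    if entry and entry["mtime_ns"] == st.st_mtime_ns and entry["size"] == st.st_size:
        return entry["md5"], False
    digest = file_md5(path)
    cache[key] = {"mtime_ns": st.st_mtime_ns, "size": st.st_size, "md5": digest}
    return digest, True
```

Anyone who can write a file can also reset its mtime, so the cached digest is only as trustworthy as the set of users with write access to the served directory.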