Roasting old chestnuts
Robert de Bath
Sun Jul 6 16:21:01 2003
On Sun, 6 Jul 2003, William Hooper wrote:
> Robert de Bath said:
> > Please don't run away, I do seem to have a new slant on this can of wormy
> > chestnuts.
> > The label on the can is "file transfers".
> > Just use the http server on port 5800+
> So you prepose to take the small, generally secure (only one issue that I
> remember off the top of my head), single purpose HTTP server and transform
> it into a full-fledged HTTP server, with all the security and complexity
> issues involved with that? Seems like a waste. If you are forwarding
> another port anyway, why not just setup a program that is designed to be
> an HTTP server, or SSH, or any other number of file transfer programs.
Firstly, the things that cause security problems with 'full-fledged HTTP
server's are rarely the file transfer. The problems are the scripting
languages, CGI programs, and the 101 other additions that appear in a
"real" http server above the copy a file down the wire coding that
The only probable 'security issue' is the very fact that you're uploading
files; that's why I'm suggesting a specific directory for files to arrive
in and the authentication requirement.
As for the 'complexity issue', I don't see it, the http server already
has to accept a potentially infinte input and send a response. The only
difference is that instead of thowing away a large input you store it
in a file, if authenticated.
Secondly, using other tools. Yes that's what I tend to do now. But it
increases complexity, not only for the installation but also for day
to day use.
Plus it's not the point; file transfer is one of the most requested
features for VNC. I'm just trying to suggest a way it could be done
without bast^H^H^H^Hmangling the RFB protocol.
PS: Don't worry I will get bored an go away soon. :)
Rob. (Robert de Bath <robert$ @ debath.co.uk>)
Google Homepage: http://www.google.com/search?btnI&q=Robert+de+Bath