At 12:08 PM +0100 on 2/12/00, M. Uli Kusterer wrote:
>>No, FTP keeps a control connection open. Takes all of
>> PORT aaa,bbb,ccc,ddd,eee,fff
>> RETR filename
>>to get a file with FTP. Still requires a separate connection, though.
>>Which must be opened and closed after every file.
>
> Does it take much time to open/close a connection? If not, we could
>go with FTP.
It's not as bad (considering for most servers you still have to open
one connection per file with HTTP). Still a fair amount of overhead,
especially for small files.
>
>>If we have small cards, there is no good reason not to put a bunch
>>in one file.
>
> Well, 500 small cards could still result in a file of 1MB being
>downloaded even if the user only wants to access one of them.
I am advocating a file size limit, such as 50K. After a file reaches
50K, no new blocks would be added. The only time a file over 50K would
need to be downloaded would be for a large block, such as a 32-bit
pixmap.
> Web deployment would probably work using a special copy of FreeCard
>which has all security-sensitive commands turned off.
Quite a few commands could be considered security sensitive. Including,
for example, 'go to card x'.
>
> Allowing detection of the FreeCard version should be enough. Maybe we
>could even allow detecting availability of certain commands (e.g.
>check whether it has movies) but this wouldn't indicate whether it's
>QuickTime or xanim or RealPlayer, or what version.
I'm not worried about remote exploits in xanim or QuickTime. Not very
likely. But I am worried about exploits in FreeCard. If you can get the
FreeCard version, you know which exploits can be used.