Cc:-ed to the libwww mailing list. Does anybody else think this is a
good idea?
[EMAIL PROTECTED] writes:
> I've seen that URI::ftp sends the user name when doing ANONYMOUS ftp gets.
> I see a lot of problems:
> - Sending the user name if the user doesn't know that it's sent doesn't
> protect the user state of ANONYMOUS
> - Spyware is not a good idea, most users don't like it.
> - Sending the user name helps SPAM instead of stopping it. Many ftp sites
> use this information to send you unsolicited email.
> - Sending the user name doesn't help ftp sites to know who the cracker is
> crackers are not stupid to send their email address.
> - Sending the user name can be used to discriminate the user.
>
> By all of these reasons I argue that URI::ftp to don't send the user email
> by default.
Minor correction: URI::ftp does not send anything. It just suggest a
password for anybody that might ask. LWP::Protocol::ftp asks and will
use this password to log in.
> Some time ago two very important ftp clients wget and lftp stopped
> sending the user name as password based on my input.
>
> As more and more ftp clients are moving to this anonymous@ password
> (for example the kde kio ftp, qt3, gnome-xml, Net::FTP)
> I recommend you to apply the patch.
>
> I send you the bugfix.
>
> Hopping that you see all of these problems I wait for your comments.
>
> Eduardo Pérez Ureta
>
> --- URI/ftp.pm Fri Sep 11 09:54:04 1998
> +++ URI/ftp.pm Sat Dec 1 11:29:52 2001
> @@ -5,7 +5,6 @@
> @ISA=qw(URI::_server URI::_userpass);
>
> use strict;
> -use vars qw($whoami $fqdn);
> use URI::Escape qw(uri_unescape);
>
> sub default_port { 21 }
> @@ -31,25 +30,14 @@
> my $user = $self->user;
> if ($user eq 'anonymous' || $user eq 'ftp') {
> # anonymous ftp login password
> - unless (defined $fqdn) {
> - eval {
> - require Net::Domain;
> - $fqdn = Net::Domain::hostfqdn();
> - };
> - if ($@) {
> - $fqdn = '';
> - }
> - }
> - unless (defined $whoami) {
> - $whoami = $ENV{USER} || $ENV{LOGNAME} || $ENV{USERNAME};
> - unless ($whoami) {
> - if ($^O eq 'MSWin32') { $whoami = Win32::LoginName() }
> - else {
> - $whoami = getlogin || getpwuid($<) || 'unknown';
> - }
> - }
> - }
> - $pass = "$whoami\@$fqdn";
> + # If there is no ftp anonymous password specified
> + # then we'll just use -anonymous@
> + # We don't send any other thing because:
> + # - We want to remain anonymous
> + # - We want to stop SPAM
> + # - We don't want to let ftp sites to discriminate by the user,
> + # host, country or ftp client being used.
> + $pass = '-anonymous@';
What does the leading '-' achieve?
> }
> }
> $pass;
Regards,
Gisle
