Cc:-ed to the libwww mailing list. Does anybody else think this is a good idea?
[EMAIL PROTECTED] writes: > I've seen that URI::ftp sends the user name when doing ANONYMOUS ftp gets. > I see a lot of problems: > - Sending the user name if the user doesn't know that it's sent doesn't > protect the user state of ANONYMOUS > - Spyware is not a good idea, most users don't like it. > - Sending the user name helps SPAM instead of stopping it. Many ftp sites > use this information to send you unsolicited email. > - Sending the user name doesn't help ftp sites to know who the cracker is > crackers are not stupid to send their email address. > - Sending the user name can be used to discriminate the user. > > By all of these reasons I argue that URI::ftp to don't send the user email > by default. Minor correction: URI::ftp does not send anything. It just suggest a password for anybody that might ask. LWP::Protocol::ftp asks and will use this password to log in. > Some time ago two very important ftp clients wget and lftp stopped > sending the user name as password based on my input. > > As more and more ftp clients are moving to this anonymous@ password > (for example the kde kio ftp, qt3, gnome-xml, Net::FTP) > I recommend you to apply the patch. > > I send you the bugfix. > > Hopping that you see all of these problems I wait for your comments. > > Eduardo Pérez Ureta > > --- URI/ftp.pm Fri Sep 11 09:54:04 1998 > +++ URI/ftp.pm Sat Dec 1 11:29:52 2001 > @@ -5,7 +5,6 @@ > @ISA=qw(URI::_server URI::_userpass); > > use strict; > -use vars qw($whoami $fqdn); > use URI::Escape qw(uri_unescape); > > sub default_port { 21 } > @@ -31,25 +30,14 @@ > my $user = $self->user; > if ($user eq 'anonymous' || $user eq 'ftp') { > # anonymous ftp login password > - unless (defined $fqdn) { > - eval { > - require Net::Domain; > - $fqdn = Net::Domain::hostfqdn(); > - }; > - if ($@) { > - $fqdn = ''; > - } > - } > - unless (defined $whoami) { > - $whoami = $ENV{USER} || $ENV{LOGNAME} || $ENV{USERNAME}; > - unless ($whoami) { > - if ($^O eq 'MSWin32') { $whoami = Win32::LoginName() } > - else { > - $whoami = getlogin || getpwuid($<) || 'unknown'; > - } > - } > - } > - $pass = "$whoami\@$fqdn"; > + # If there is no ftp anonymous password specified > + # then we'll just use -anonymous@ > + # We don't send any other thing because: > + # - We want to remain anonymous > + # - We want to stop SPAM > + # - We don't want to let ftp sites to discriminate by the user, > + # host, country or ftp client being used. > + $pass = '-anonymous@'; What does the leading '-' achieve? > } > } > $pass; Regards, Gisle