Anon FTP password
Today I got mail by a user who complains about Wget sending the correct email address as anonymous password. His arguments are: I've seen that wget sends the email of the user when doing ANONYMOUS ftp gets. I see a lot of problems: - Sending the user email if the user doesn't know that it's sent doesn't protect the user state of ANONYMOUS - Sending the user email helps SPAM instead of stopping it. Many ftp sites use this information to send you unsolicited email. - Sending the user email doesn't help ftp sites to know where the cracker came crackers are not stupid to send their email address. - Sending the user email can be used to discriminate the user based on the country, company or person itself. Although I don't find all of these relevant to the issue, he has a point. Sending the real email address (or at least username@FQDN) seemed like a nice helpful gesture in 1995, but now I'm not so sure. Today's Internet seems a much more, uhm, unfriendly place than it was when I started using it. What looked like a useful gesture several years ago can now be construed as a breach of privacy, and misused by malicious server owners. Furthermore, some users are trying quite hard to protect their email addresses. It's not right for Wget to thwart their efforts without them being aware. Following the example set by lftp, I'll change Wget to send -wget@ as anonymous FTP password, with the option of changing it. That way we will have a decent default, and enable the users who know what they're doing to change it to their email address, if they're oldfashioned, or to something even more anonymizing, like mozilla@. (In case you're wondering, it begins with a `-' because it makes some FTP servers suppress the welcoming message. Therefore the change will also speed up login.) Opinions?
Re: Anon FTP password
[EMAIL PROTECTED] writes: Following the example set by lftp, I'll change Wget to send -wget@ as anonymous FTP password, with the option of changing it. That way we will have a decent default, and enable the users who know what they're doing to change it to their email address, if they're oldfashioned, or to something even more anonymizing, like mozilla@. You mean -wget@ with no host ? Right. Won't some FTP sites consider that as invalid ? I've never seen such a site. Apparently netscape uses mozilla@ as FTP password. But I was wrong about lftp: they seem to use username@ (also without host) as anonymous FTP password. The misleading part is in the source where a static declaration initializes the variable to -lftp@.
wget ftp anonymous password
I've seen that wget sends the email of the user when doing ANONYMOUS ftp gets.
I see a lot of problems:
- Sending the user email if the user doesn't know that it's sent doesn't
protect the user state of ANONYMOUS
- Sending the user email helps SPAM instead of stopping it. Many ftp sites
use this information to send you unsolicited email.
- Sending the user email doesn't help ftp sites to know where the cracker came
crackers are not stupid to send their email address.
- Sending the user email can be used to discriminate the user based on the country,
company or person itself.
By all of these reasons I argue that wget to don't send the user email
by default.
Anyway Netscape Communicator sends mozilla@ as password by default, and it's
the most used anonymous ftp password worldwide so this change doesn't break
anything. And the user can send whatever email he likes by setting passwd
Why dou you send the email using anonymous ftp when you don't send it using
anonymous http ?
I've seen intranets with strict firewalls that only let anonymous ftp with
mozilla@ as password (password used by netscape communicator when doing ftp)
And I've heard of people having trouble downloading with wget/ftp.
I send you the bugfix. Maybe it's not perfect (I don't know if the xstrdup
it's needed) but it works.
Hopping that you see all of these problems I wait for your comments.
Eduardo Pérez Ureta
diff -ur wget-bad/src/ftp.c wget/src/ftp.c
--- wget-bad/src/ftp.c Tue Apr 24 23:09:45 2001
+++ wget/src/ftp.c Wed Apr 25 18:40:44 2001
@@ -134,7 +134,7 @@
search_netrc (u-host, (const char **)user, (const char **)passwd, 1);
user = user ? user : opt.ftp_acc;
if (!opt.ftp_pass)
-opt.ftp_pass = ftp_getaddress ();
+opt.ftp_pass = xstrdup (mozilla@);
passwd = passwd ? passwd : opt.ftp_pass;
assert (user passwd);
diff -ur wget-bad/src/host.c wget/src/host.c
--- wget-bad/src/host.c Fri Apr 13 03:39:23 2001
+++ wget/src/host.c Wed Apr 25 18:36:08 2001
@@ -360,130 +360,6 @@
return 0;
}
-/* Return email address of the form username@FQDN suitable for
- anonymous FTP passwords. This process is error-prone, and the
- escape hatch is the MY_HOST preprocessor constant, which can be
- used to hard-code either your hostname or FQDN at compile-time.
-
- If the FQDN cannot be determined, a warning is printed, and the
- function returns a short `username@' form, accepted by most
- anonymous servers.
-
- The returned string is generated by malloc() and should be freed
- using free().
-
- If not even the username cannot be divined, it means things are
- seriously fucked up, and Wget exits. */
-char *
-ftp_getaddress (void)
-{
- static char *address;
-
- /* Do the drill only the first time, as it won't change. */
- if (!address)
-{
- char userid[32]; /* 9 should be enough for Unix, but
- I'd rather be on the safe side. */
- char *host, *fqdn;
-
- if (!pwd_cuserid (userid))
- {
- logprintf (LOG_ALWAYS, _(%s: Cannot determine user-id.\n),
-exec_name);
- exit (1);
- }
-#ifdef MY_HOST
- STRDUP_ALLOCA (host, MY_HOST);
-#else /* not MY_HOST */
-#ifdef HAVE_UNAME
- {
- struct utsname ubuf;
- if (uname (ubuf) 0)
- {
- logprintf (LOG_ALWAYS, _(%s: Warning: uname failed: %s\n),
- exec_name, strerror (errno));
- fqdn = ;
- goto giveup;
- }
- STRDUP_ALLOCA (host, ubuf.nodename);
- }
-#else /* not HAVE_UNAME */
-#ifdef HAVE_GETHOSTNAME
- host = alloca (256);
- if (gethostname (host, 256) 0)
- {
- logprintf (LOG_ALWAYS, _(%s: Warning: gethostname failed\n),
-exec_name);
- fqdn = ;
- goto giveup;
- }
-#else /* not HAVE_GETHOSTNAME */
- #error Cannot determine host name.
-#endif /* not HAVE_GETHOSTNAME */
-#endif /* not HAVE_UNAME */
-#endif /* not MY_HOST */
- /* If the address we got so far contains a period, don't bother
- anymore. */
- if (strchr (host, '.'))
- fqdn = host;
- else
- {
- /* I've seen the following scheme fail on at least one
-system! Do we care? */
- char *tmpstore;
- /* According to Richard Stevens, the correct way to find the
-FQDN is to (1) find the host name, (2) find its IP
-address using gethostbyname(), and (3) get the FQDN using
-gethostbyaddr(). So that's what we'll do. Step one has
-been done above. */
- /* (2) */
- struct hostent *hp = gethostbyname (host);
- if (!hp || !hp-h_addr_list)
- {
- logprintf (LOG_ALWAYS, _(\
-%s: Warning: cannot determine local IP address.\n),
-exec_name);
- fqdn = ;
- goto giveup;
- }
- /* Copy the argument,
RE: Wget and i18n
From: Philipp Thomas [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 06, 2001 11:02 AM To: Hrvoje Niksic Cc: [EMAIL PROTECTED] Subject: Re: Wget and i18n * Hrvoje Niksic ([EMAIL PROTECTED]) [20010306 10:35]: Also, won't this trigger an error if a system header file, say string.h, happens to include ctype.h? (I know system header files should not do that because it pollutes your namespace, but older systems sometimes do that.) Yes, it would trigger in that case. But safe-ctype was developed for GCC originally and as gcc is used also on old systems (one of them the original BSD), I guess we would have heard if safe-ctype broke things. Philipp Unfortunately, on winnt this *is* a problem. Visual C 5 does include ctype.h in stdio.h (or something similar, sorry, memory is fading). While this finally gave me a kick enough to upgrade to VC6 (up to the latest service pack, just to be sure to cover every new added bug er bugfix), now still ctype.h is included in winnt.h, compilation fails. (We always knew winnt is an *old* system, but this proves it :). Any idea what would be a sensible way to cover this ? Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Ferretto, 1ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY
Re: Wget and i18n
Philipp Thomas [EMAIL PROTECTED] writes: * Herold Heiko ([EMAIL PROTECTED]) [20010426 18:42]: bugfix), now still ctype.h is included in winnt.h, compilation fails. (We always knew winnt is an *old* system, but this proves it :). Any idea what would be a sensible way to cover this ? Does MS ctype.h have include guards? If yes, one could just define those guards on the command line. The other alternative would be to disable NLS support on WIN* and make the inclusion of safe-ctype.h also depending on this. I think it's much simpler and safer to just disable the error. It served its debugging purpose; it's not really needed anymore.
Re: Wget and i18n
Drazen Kacar [EMAIL PROTECTED] writes: Hm. But that only prevents ctype.h from being included and not the functions from being used. That's OK, but it's not foolproof. Right. And it causes problems on machines that include ctype.h through another header file. Which is why I am strongly inclined to remove that error in its current form. But perhaps this would work: #undef isalpha #define isalpha ***please use ISALPHA*** And so on.
Re: Wget and i18n
Drazen Kacar [EMAIL PROTECTED] writes: Hrvoje Niksic wrote: Drazen Kacar [EMAIL PROTECTED] writes: Hm. But that only prevents ctype.h from being included and not the functions from being used. That's OK, but it's not foolproof. Right. And it causes problems on machines that include ctype.h through another header file. I wonder. POSIX compilation environment may not do such a thing I know. However, Wget is targeted to a superset of POSIX or for that matter ISO C compliant machines. If this error breaks compilation on those machines without bringing much value, it goes away. In which case configure script could advise getting a C compiler, just for fun. That would be hypocritical, given that configure defaults to Gcc. :-)
Re: Wget and i18n
Herold Heiko wrote: Unfortunately, on winnt this *is* a problem. Visual C 5 does include ctype.h in stdio.h (or something similar, sorry, memory is fading). Is that compliant with the C standard? Any idea what would be a sensible way to cover this ? Instead of: #ifdef isalpha #error #else ... make a bunch of: #undef isalpha #undef isdigit ... It would be good to have #undefs in one #ifdef compiler_or_OS_version, because in general it's possible that isalpha() defined by the compilation environment doesn't have anything to do with isalpha() defined by the C language, so in that case throwing #error is the right thing to do. -- .-. .-.Sarcasm is just one more service we offer. (_ \ / _) |[EMAIL PROTECTED] |
Re: Wget and i18n
* Herold Heiko ([EMAIL PROTECTED]) [20010426 18:42]: bugfix), now still ctype.h is included in winnt.h, compilation fails. (We always knew winnt is an *old* system, but this proves it :). Any idea what would be a sensible way to cover this ? Does MS ctype.h have include guards? If yes, one could just define those guards on the command line. The other alternative would be to disable NLS support on WIN* and make the inclusion of safe-ctype.h also depending on this. Philipp -- Philipp Thomas [EMAIL PROTECTED] Development, SuSE GmbH, Schanzaecker Str. 10, D-90443 Nuremberg, Germany Penguins shall save the dinosaurs -- Handelsblatt about Linux on S/390
Re: Is there a version of Wget that is 100% Java under GPL or LGPL?
Quoting Mike Kanaley ([EMAIL PROTECTED]): Subject: Re: Is there a version of Wget that is 100% Java under GPL or LGPL? No, wget is written in C. -- jan +-- Jan Prikryl| vr|vis center for virtual reality and visualisation [EMAIL PROTECTED] | http://www.vrvis.at +--
