Toad said: >On Sat, Aug 19, 2006 at 12:38:55PM +0300, Jusa Saari wrote: > > On Fri, 18 Aug 2006 22:46:49 +0100, Matthew Toseland wrote: > > > > > We could: > > > - Make ClientPut of a file insert a one-file manifest by default > > > including the given filename (rather than just the file), if it's told > > > to insert a CHK@ > > > - Enforce the number of metastrings. I.e. if a file is inserted as > > > CHK at blah,blah,blah/ it can no longer be accessed as > > > CHK at blah,blah,blah/something-i-just-made-up.jpeg > > > > > > Advantages: > > > - Keys cannot be modified; there is a definitive CHK, and if you change > > > it it doesn't work > > > - Therefore CHK at .../chicken-porn.jpeg cannot be renamed maliciously to > > > CHK at .../free-music.mp3 > > > Won't work. Nothing stops me from downloading chicken-porn.jpeg, changing > > one pixel in the upper right corner (so the CHK will differ), and > > inserting it as free-music.mp3.
> I said it would be inserted as a one-file manifest: the filename is > effectively in the metadata. If you change the filename you change the > manifest and therefore change the CHK. This is a horrible idea. It will lead to redundant duplication of content if someone happens to insert the same exact thing but simply under a different name. Or wants to rename a file and has to reinsert it and duplicate it again. If some fool is maliciously renaming keys then here's the solution: do not download from them or that freesite anymore. I think having the users use a little common sense is preferential to taking programer time (away from other tasks, e.g. open-net) to hard code a hack. Scruple --------------------------------- Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1?/min. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060821/5fb53b57/attachment.html>
