RE:FTP URL mapping

hallam@alws.cern.ch
Thu, 3 Mar 1994 11:09:42 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Curran: "Re: FTP URL mapping"
Previous message: Keith Moore: "Re: FTP URL mapping"
Next in thread: John Curran: "Re: FTP URL mapping"
Reply: John Curran: "Re: FTP URL mapping"

Date: Thu, 3 Mar 1994 11:09:42 +0100

Message-Id: <9403031009.AA03824@dxmint.cern.ch>

From: hallam@alws.cern.ch

Subject: RE:FTP  URL mapping

It is worse than Tim points out! Not only is the mapping from the
path to directory system different on each machine a sequence of
CD commands will *NOT* work on certain systems, specifically those
that do not have a single root to the file structure and those that
do not require access to intermediate directories in a path to
use it.

For example on VMS the security spec requires that a user should not
be able to deduce the names of other accounts on the machine - or
at least that the system manager is able to chose to prevent such
access. For this reason the top level directory of all file structure
volumes is protected from access by GROUP or WORLD by default.
Thus a user may access the file u1:[hallam]fred.html without access
to u1:[000000], the toplevel directory for the file structure U1.

One way of sorting this out is to check the file structure with
a pwd command (sorry can't remember FTPeese at the mo!):-

ftp> pwd
257 U1:[HALLAM.COMMAND] is current directory.

The syntax a*:[(a|.)*] shows we are on a VMS system, unfortunately
that is not the whole story, Multinet gives :-

ftp> pwd
257 "U1:[HALLAM.COMMAND]" is current directory.

An alternative method of identification would be to (naughtily)
check the original response :

UCX:
220 axal04.cern.ch FTP Server (Version 3.0) Ready.
Multinet
220 AL1F02.CERN.CH MultiNet FTP Server Process 3.2(14) at Thu 3-Mar-94 11:22AM-C

This is the first time I have found a use for those *@#$%^&$@#
messages the standard FTP client spews out BTW.

Unfortunately the banner messages are programmable. Another security
requirement is to not describe the machine until a login has been
validated(!)

Why does all this matter? After all can't we just write ftp:///u1:[hallam]fred.html?

No we can't. Imagine we have an integrated programming system supporting
code development on VMS, UNIX and WNT. We have our source file with
links to the data dictionary or whatever :-

#include <string.h>
#include <http://mb1.sol.moon/some_code.byron>
#attach <ftp://md2.sol.moon/security/moonbase/logicals.byron>

The access method for the file is ftp because the particular machine is
run by another company that does not run an HTTP daemon. It might be
necessary to ensure that the file was the same one avaliable by ftp.

Now imagine md2.sol.moon suffers some catastrophe or is upgraded
to a VMS system. We do not want the code link to change.

Phill Hallam-Baker

Next message: John Curran: "Re: FTP URL mapping"
Previous message: Keith Moore: "Re: FTP URL mapping"
Next in thread: John Curran: "Re: FTP URL mapping"
Reply: John Curran: "Re: FTP URL mapping"