[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (none) [httpd finding your identity]



Don wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> > I've removed the code that uses the e-mail address as the
> > FTP password for anonymous FTPs.
> 
> Does that mean that general-purpose ftp won't be accepted unless the
> user gives up their email? Greaaaaaaat... Can't have it both ways, I
> guess. What can be added as far as user control; inline vs non-inline,
> for example.

  I'm not sure I understand what you are saying, so I will try to
re-state what we are doing.  By default for anonymous FTP we will
send the string "mozilla@" for the anon password.  This is similar
to Mosaic and Internet Explorer, which send "webuser@".  If the
user wants to send their real address, or anything else, they can
type an ftp URL that will allow them to enter the password.  I hope
to add an option so that the user can decide for themselves to send
or not send their identity.  Note that we do not currently send the HTTP
'From:' header.  Some users would like an option to turn it on.

> The FTP explanation certainly explains why my personal system is able
> to confuse the username part of it. And I know there's nothing anyone
> can do about the reverse-ip, but what about http referral field? Will
> there be a way to turn off (blank, actually) this field?

  I would like to add a way to turn it off, but it won't happen in 2.0.

> Jeff, your efforts are certainly appreciated - your ability to get these
> things done is most valuable.

  Thanks.  I just wish I had been able to attend yesterdays cypherpunk
gathering rather than having to fix this bug.  Sigh.

> Regarding the anonymizer:
> First, are there any working anonymizers yet?
> Second, is there any ISP that would be willing to give a home to the
>   anonymizer?

  I think that there are several.  The one at CMU can be reached
at http://anonymizer.cs.cmu.edu:8080/open.html.  I thought that
Sameer had one at c2.org, but a quick look at his web site didn't
turn up anything.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.