
358 Re: OT: files area naming (an example of YAGNI)

  • Rob Nagler
    Jun 13, 2005
      James Keenan writes:
      > Be careful what you wish for; your wish may be granted.

      It's been on bivio.com for about 5 years:


      Hasn't been a problem. Many other sites have solved this problem this
      way, too.

      I doubt that Yahoo planned the files area for security through
      obscurity, but maybe. Rather, they inherited whatever egroups had. The DTSTTCPW
      is to use the PATH_INFO of the URL to map to the files. I'm sure some
      clever engineer thought of Yahoo's clever system.

      This is the key issue. We get the occasional spam, but I ban the
      users when I can.

      > Depending on the moderator settings,

      Exactly. Solve the security problem through a security (realm/role)
      mechanism, not through obscuring an interface. You CAN get a URL, and
      if you were a warez trader, you'd simply use tinyurl or some other
      obfuscator to make it hard to trace what it is.

      YAGNI says, "You don't know you have a security problem until you have
      one." DTSTTCPW says, "make the interface clean".
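
The design argued for in the message above (readable PATH_INFO URLs, with access decided by a realm/role check rather than by an unguessable URL), as an added example that is not part of the original post and is not bivio's or Yahoo's code. The `/<realm>/files/<path>` layout, the role names and the sample data are all assumptions made for illustration.

```python
# Constructed sample data: realm -> {user: role} and realm -> stored files.
MEMBERSHIP = {"xp-group": {"alice": "member", "mod": "moderator"}}
FILES = {"xp-group": {"notes/yagni.txt", "slides/dtsttcpw.pdf"}}

# Hypothetical policy: which roles may perform which operation in a realm.
REQUIRED = {"read": {"member", "moderator"}, "write": {"moderator"}}


def resolve(path_info):
    """Map '/<realm>/files/<path>' to (realm, relative_path), else None.

    PATH_INFO is assumed to be already URL-decoded by the web server.
    """
    parts = [p for p in path_info.split("/") if p]
    if len(parts) < 3 or parts[1] != "files":
        return None
    # A predictable URL scheme must not let the path climb out of the realm.
    if any(p in (".", "..") for p in parts):
        return None
    return parts[0], "/".join(parts[2:])


def authorize(user, realm, op):
    """Access depends on the user's role in the realm, not on the URL."""
    role = MEMBERSHIP.get(realm, {}).get(user)
    return role in REQUIRED.get(op, set())


def handle(user, path_info, op="read"):
    """Return an HTTP-style status code for the request."""
    target = resolve(path_info)
    if target is None:
        return 404
    realm, rel = target
    # Authorize before touching storage, so a non-member learns nothing
    # about which files exist in the realm.
    if not authorize(user, realm, op):
        return 403
    if rel not in FILES.get(realm, set()):
        return 404
    return 200


if __name__ == "__main__":
    for user in ("alice", "mallory"):
        print(user, handle(user, "/xp-group/files/notes/yagni.txt"))
```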
