Loading ...
Sorry, an error occurred while loading the content.

Re: Emacs enhancements for CPerl mode and complex systems

Expand Messages
  • James Keenan
    ... Be careful what you wish for; your wish may be granted. Depending on the moderator settings, it is possible that (a) anyone can join a Yahoo group, and (b)
    Message 1 of 3 , Jun 13, 2005
    • 0 Attachment
      On Sun, 12 Jun 2005 11:57:19 -0600, Rob Nagler <nagler@...> wrote:

      >
      > I just replaced the file b-perl.el with bivio-emacs-20050612.tgz in
      > the files area: http://groups.yahoo.com/group/extremeperl/files (Why
      > can't you just send a simple link to a file in the yahoo files area?)
      >
      >

      Be careful what you wish for; your wish may be granted.

      Depending on the moderator settings, it is possible that (a) anyone can
      join a Yahoo group, and (b) any member can upload any file to the files
      area. Which means the files area can get loaded with crap.

      I'm the moderator of another yahoo group, perlsemny, and to spike the
      spam we eventually had to move to a situation where (a) all memberships
      have to be approved by the moderator and (b) only the moderator can
      upload files.

      Granted, this doesn't directly answer your question about links, but I
      think you can see why that might not be desirable, either.

      jimk
    • Rob Nagler
      ... It s been on bivio.com for about 5 years: http://www.bivio.com/demo_club/files/index.htm Hasn t been a problem. Many other sites have solved this problem
      Message 2 of 3 , Jun 13, 2005
      • 0 Attachment
        James Keenan writes:
        > Be careful what you wish for; your wish may be granted.

        It's been on bivio.com for about 5 years:

        http://www.bivio.com/demo_club/files/index.htm

        Hasn't been a problem. Many other sites have solved this problem this
        way, too.

        I doubt that Yahoo planned the files area for security through
        obscurity but maybe. Rather they inherited whatever egroups had. The DTSTTCPW
        is to use the PATH_INFO of the URL to map to the files. I'm sure some
        clever engineer thought of Yahoo's clever system.

        This is the key issue. We get the occassional spam, but I ban the
        users when I can.

        > Depending on the moderator settings,

        Exactly. Solve the security problem through a security (realm/role)
        mechanism, not through obscuring an interface. You CAN get a URL, and
        if you were a warez trader, you'd simply use tinurl or some other
        obfuscator to make it hard to trace what it is.

        YAGNI says, "You don't know you have a security problem until you have
        one." DTSTTCPW says, "make the interface clean".

        Rob
      Your message has been successfully submitted and would be delivered to recipients shortly.