
Re: OT: files area naming (an example of YAGNI)

  • Rob Nagler
    Message 1 of 3 , Jun 13, 2005
      James Keenan writes:
      > Be careful what you wish for; your wish may be granted.

      It's been on bivio.com for about 5 years:

      http://www.bivio.com/demo_club/files/index.htm

      Hasn't been a problem. Many other sites have solved this problem this
      way, too.

      I doubt that Yahoo planned the files area for security through
      obscurity, but maybe. Rather, they inherited whatever egroups had. The DTSTTCPW
      is to use the PATH_INFO of the URL to map to the files. I'm sure some
      clever engineer thought of Yahoo's clever system.

      This is the key issue. We get the occasional spam, but I ban the
      users when I can.

      > Depending on the moderator settings,

      Exactly. Solve the security problem through a security (realm/role)
      mechanism, not through obscuring an interface. You CAN get a URL, and
      if you were a warez trader, you'd simply use tinyurl or some other
      obfuscator to make it hard to trace what it is.

      YAGNI says, "You don't know you have a security problem until you have
      one." DTSTTCPW says, "make the interface clean".

      Rob
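
The approach argued for in the message above (map PATH_INFO straight to a file and gate access on a realm/role check rather than on an unguessable URL), as an added example that is not part of the original post and is not bivio's code. The role names, the `REALM_ROLES` table, the `files_root` path and the `resolve_file` function are assumptions made for illustration, and PATH_INFO is assumed to arrive already URL-decoded, as CGI servers deliver it.

```python
import posixpath

# Constructed sample data (assumptions, not from the original post):
# the role each user holds in a realm, and the roles allowed to read files.
REALM_ROLES = {
    "demo_club": {"alice": "member", "bob": "guest"},
}
READ_ROLES = {"member", "administrator"}


def resolve_file(path_info, user, files_root="/srv/realms"):
    """Map PATH_INFO such as /demo_club/files/index.htm to a file path.

    Returns (status, path): 200 with the path, or 403/404 with None.
    """
    parts = [p for p in path_info.split("/") if p]
    if len(parts) < 3 or parts[1] != "files":
        return 404, None
    realm, rel = parts[0], parts[2:]
    if realm not in REALM_ROLES:
        return 404, None
    # Authorization comes from the caller's role in the realm,
    # not from whether the URL is hard to guess.
    if REALM_ROLES[realm].get(user) not in READ_ROLES:
        return 403, None
    # A readable URL scheme must still refuse segments that could
    # escape the realm's files directory.
    if any(p in (".", "..") or "\\" in p or "\0" in p for p in rel):
        return 404, None
    base = posixpath.join(files_root, realm, "files")
    path = posixpath.normpath(posixpath.join(base, *rel))
    if not path.startswith(base + "/"):
        return 404, None
    return 200, path
```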