Re: New draft-draft of sftp...

To: Simon Tatham <anakin%pobox.com@localhost>
Subject: Re: New draft-draft of sftp...
From: Bill Sommerfeld <sommerfeld%east.sun.com@localhost>
Date: Thu, 05 Dec 2002 23:28:12 -0500

> There are certainly undeniable reasons why client-side globbing
> causes problems. Unfortunately, I consider this to be an undeniable
> reason why server-side globbing can _also_ cause problems. Where
> does that leave us? On the one hand, we have potentially inaccurate
> results; on the other, we have a potential security hazard (although
> as far as I know I'm the only SCP implementor who considers it
> remotely important). 

(WG chair hat off)

yes, I agree that seems like something to worry about.

Trusting that the server won't feed you bogus pathnames as the result
of a glob request seems unwise.

					  - Bill

References:
- Re: New draft-draft of sftp...
  - From: Simon Tatham

Prev by Date: Re: SSH2 server/client supporting PGP keys?
Next by Date: a question on SSH_MSG_KEXDH_INIT message
Previous by Thread: Re: New draft-draft of sftp...
Next by Thread: Re: New draft-draft of sftp...
Indexes:

Home | Main Index | Thread Index | Old Index