IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

RE: sftp rename not good.



> This statement implies a situation where the client is not expected to know
> anything about the remote server. In practice, this situation is
> non-sensical. You cannot connect to the server in the first place unless
> you're either a regular user of that system, or you have made a special
> pre-arrangement to obtain an account on that system. You certainly won't have
> write privileges to rename arbitrary files on a server that is completely
> unknown to you. Theoretical discussions about what might cause problems may
> be an interesting intellectual diversion, but they are just that -
> *diversions*. Real users will have knowledge about the remote server that
> they're operating on.
>
> To assume the client has no knowledge of the server is pointless.

I completely disagree with this statement.  It is a perfectly possible to
give someone an account on a system for the sole purpose of (and limited
to) sftp access.  The user may never log into the directly, or even know
what the host OS is or how to use it; it acts as an opaque sftp file
server.  This situation is neither nonsensical nor pointless; on the
contrary, it is useful and reasonably common, follows normal and useful
principles of abstraction, and is likely to become more common as sftp
becomes more widely implemented.

- Richard Silverman
  slade%shore.net@localhost





Home | Main Index | Thread Index | Old Index