Re: squid: ftp anonymous password

-------- Original Message --------
Subject: Re: squid: ftp anonymous password
Date: Sat, 27 Oct 2001 13:25:11 +0000
From: eperez@dei.inf.uc3m.es
To: hno@squid-cache.org
References: <20011027124342@dei.inf.uc3m.es>
<3BDAB21C.FAB8491A@squid-cache.org>

On 2001-10-27 15:09:48 +0200, Henrik Nordstrom wrote:
> The "password" can be changed quite easily from squid.conf, as you
> probably know.

Yes, I know. But, here I'm asking you to use "anonymous@" by default.
So the people that don't mind using spyware can change the ftp password
to whatever they want.

> If the user want's to hide the fact that they are using Squid, this is
> only one of many things they must consider. For example, the HTTP
> standards requires Squid to identify itself in a number of different
> locations, and even if you change the password, the sequence of commands
> used by Squid probably is sufficient to fingerprint it within reasonable
> doubt.

Yes, I agree with you. But, criminal organizations like Microsoft can
make software products that discriminate based on data sent by clients
and we should avoid that whenever possible.

> I don't think we plan on changing the default anonymous FTP "password"
> in Squid.

Would you default to this non-discriminatory password now ?

Regards
                Eduardo Pérez Ureta

> eperez@dei.inf.uc3m.es wrote:
> >
> > Hello !
> >
> > I've seen you are sending "Squid@" as PASS in anonymous ftp.
> >
> > You should use "anonymous@" as newer ftp clients do.
> >
> > Problems with your approach:
> > - Sending anything that's not anonymous@ as password is not
> > anonymous by definition
> > - Spyware is not a good idea, most users don't like it.
> >
> > Important components that start to use it:
> > http://webcvs.kde.org/cgi-bin/cvsweb.cgi/kdelibs/kio/ftp/ftp.cc.diff?r1=1.151&r2=1.152
> > http://webcvs.kde.org/cgi-bin/cvsweb.cgi/qt-copy/src/network/qftp.cpp.diff?r1=1.14&r2=1.15
> > http://cvs.gnome.org/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvs/gnome&subdir=/gnome-xml&command=DIFF&root=/cvs/gnome&file=nanoftp.c&rev1=1.38&rev2=1.39
> >
> > I send you the bugfix.

--- squid/src/cf.data.pre Mon Oct 22 14:40:23 2001
+++ squid/src/cf.data.pre Sat Oct 26 17:30:52 2001
@@ -1005,7 +1005,7 @@
 
 NAME: ftp_user
 TYPE: string
-DEFAULT: Squid@
+DEFAULT: anonymous@
 LOC: Config.Ftp.anon_user
 DOC_START
         If you want the anonymous login password to be more informative
Received on Sat Oct 27 2001 - 08:33:47 MDT