From owner-freebsd-security  Wed Jun 13 12:36:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from yez.hyperreal.org (gate.sp.collab.net [64.211.228.36])
	by hub.freebsd.org (Postfix) with SMTP id CB31637B403
	for <freebsd-security@FreeBSD.ORG>; Wed, 13 Jun 2001 12:36:10 -0700 (PDT)
	(envelope-from brian@collab.net)
Received: (qmail 3546 invoked by uid 1000); 13 Jun 2001 19:37:22 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 13 Jun 2001 19:37:22 -0000
Date: Wed, 13 Jun 2001 12:37:22 -0700 (PDT)
From: Brian Behlendorf <brian@collab.net>
X-X-Sender:  <brian@localhost>
To: Jamie Norwood <mistwolf@mushhaven.net>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: OT: FTP almost gone now? (was: Re: IPFW almost works now.)
In-Reply-To: <20010613111421.A777@mushhaven.net>
Message-ID: <Pine.BSF.4.31.0106131232290.468-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, 13 Jun 2001, Jamie Norwood wrote:
> My main concern is the facts that, first off, HTTP doesn't, in most of it's
> current incarnations (Both client, and server), have an easy and sane way
> to handle uploading files, securely or otherwise.

WebDAV.  There is excellent support for it in multiple web servers,
libraries for it in multiple languages, and excellent command-line and
graphical client-side support, especially on MS Windows where it's the
protocol behind Explorer's "Web Folders" concept.  People can just drag
and drop to upload to a server.  Works over SSL and with password auth, so
you get your security there.  Webdav has a versioning extension we're
using as the basis for our Subversion project, at
http://subversion.tigris.org/.  Get more info on webdav at
http://www.webdav.org/.

> My secondary concern is ease of use.

I'll have to leave it up to folks to decide that for themselves whether
the webdav clients meet their needs.

> Tertiarily, there is the concept of statefulness. HTTP is stateless, which
> is well and good for people behind firewalls and such, but FTP is stateful.
> This allows us to be MUCH more interactive with the server.

HTTP maintains state a number of ways, and has no problem being
"interactive", for whatever that means in the FTP case.

	Brian




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message