From owner-freebsd-security Wed Jun 13 12:36:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from yez.hyperreal.org (gate.sp.collab.net [64.211.228.36]) by hub.freebsd.org (Postfix) with SMTP id CB31637B403 for ; Wed, 13 Jun 2001 12:36:10 -0700 (PDT) (envelope-from brian@collab.net) Received: (qmail 3546 invoked by uid 1000); 13 Jun 2001 19:37:22 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 13 Jun 2001 19:37:22 -0000 Date: Wed, 13 Jun 2001 12:37:22 -0700 (PDT) From: Brian Behlendorf X-X-Sender: To: Jamie Norwood Cc: Subject: Re: OT: FTP almost gone now? (was: Re: IPFW almost works now.) In-Reply-To: <20010613111421.A777@mushhaven.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 13 Jun 2001, Jamie Norwood wrote: > My main concern is the facts that, first off, HTTP doesn't, in most of it's > current incarnations (Both client, and server), have an easy and sane way > to handle uploading files, securely or otherwise. WebDAV. There is excellent support for it in multiple web servers, libraries for it in multiple languages, and excellent command-line and graphical client-side support, especially on MS Windows where it's the protocol behind Explorer's "Web Folders" concept. People can just drag and drop to upload to a server. Works over SSL and with password auth, so you get your security there. Webdav has a versioning extension we're using as the basis for our Subversion project, at http://subversion.tigris.org/. Get more info on webdav at http://www.webdav.org/. > My secondary concern is ease of use. I'll have to leave it up to folks to decide that for themselves whether the webdav clients meet their needs. > Tertiarily, there is the concept of statefulness. HTTP is stateless, which > is well and good for people behind firewalls and such, but FTP is stateful. > This allows us to be MUCH more interactive with the server. HTTP maintains state a number of ways, and has no problem being "interactive", for whatever that means in the FTP case. Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message