- From: Peter Stamfest <peter.stamfest@eunet.at>
- Date: Thu, 24 Aug 2000 23:55:49 +0200 (CEST)
- To: www-lib@w3.org
- Message-ID: <Pine.LNX.4.21.0008242344040.1247-200000@peter.stamf.pr.at>
Hi,

I have already posted two messages regarding the FTP/persistent connection problem, that could lead to security problems and strange results...

Finally, I found that problem mentioned in the TODO list... So I sat down today, and fixed it (at least sort-of).

Basically, what I did is to give protocols the possibility to check if a HTChannel (or actually HTHost) is compatible with what the protocol wants to do. This is a generic mechanism. For FTP, this mechanism stores the username/password with the HTHost object. When trying to reuse an existing connection, it is checked if the username/password match the one given with the current request. The channel is only used if they match.

The attached patch is against the current CVS source. I would like to discuss the techniques it uses, in order to find out if it fits into libwww or not.

It would be great if somebody could check what I did. Feedback about the content and quality of the patch is welcome. I would like to improve this area in the future, until we can say that it really works.

I would like to add some remarks I have written down while I worked on the patch:

--------------------------------------------------------------------

Made Changes:

Key change in HTHost_new (which has become HTHost_new_with_check, HTHost_new is still available, but it is a wrapper around HTHost_new_with_check):

It is now possible that there are multiple connections to the same host/port combination in the cache. This required me to move the host selection mechanism into the cache lookup loop. In addition to the host/port check done traditionally, a callback function may be called to check if a HTHost object (or rather its channel) is compatible with the intentions of the caller. Currently this feature is only used by the FTP protocol to check the uid/passwd. If this check fails, the cache lookup continues, as there might be another (compatible) HTHost object in the cache.

Possible improvements:

* Maybe ftp_ctrl should be used as the HTHost related protocol information.
* Maybe the protocol context should be associated with the channel instead of with the host
* could/should we use the context instead of introducing the new protocolContext?
* The REIN/USER/PASS logic to change user over an FTP connection may be dropped (?)
* the ftp_protocol_context structure has hardcoded lengths in it - should be changed

Could somebody check if the changes I made to the code in HTHost_new (now actually HTHost_new_with_check) are correct and that they are compatible with the HTHost cache???

-----------------------------------------------------------------

peter

BTW: Could anybody informed tell me if it is still necessary to fill out and mail the form in PATCHES.html?

--
Peter Stamfest
UNIX, Networking & Computing Consultant  Tel: +43/699/20711205
Software Development  E-Mail: ps@psncc.at
WWW: http://www.psncc.at/  peter.stamfest@eunet.at

Attachments
- TEXT/PLAIN attachment: libwww-FTP-patch
Received on Thursday, 24 August 2000 17:58:00 UTC
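
The cache lookup described in the message above, as an added C example that is not part of the original post, the attached patch, or libwww. All names (CachedHost, CompatCheck, FtpCreds, ftp_compat, cache_find) are hypothetical, and the hosts and credentials are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a cached host entry; not libwww's HTHost. */
typedef struct CachedHost {
    const char *hostname;
    int port;
    const void *proto_ctx;          /* per-protocol data kept with the connection */
    struct CachedHost *next;
} CachedHost;

/* Protocol-supplied check: nonzero if the cached connection may serve the request. */
typedef int (*CompatCheck)(const CachedHost *h, const void *wanted);

typedef struct { const char *user; const char *pass; } FtpCreds;

/* FTP check: reuse only a connection logged in with the same user and password. */
int ftp_compat(const CachedHost *h, const void *wanted) {
    const FtpCreds *have = h->proto_ctx, *want = wanted;
    if (!have || !want) return 0;   /* unknown login state: never reuse */
    return strcmp(have->user, want->user) == 0 &&
           strcmp(have->pass, want->pass) == 0;
}

/* Host/port must match; an entry that fails the check is skipped and the scan
   continues, because another entry for the same host/port may be compatible. */
CachedHost *cache_find(CachedHost *head, const char *hostname, int port,
                       CompatCheck check, const void *wanted) {
    for (CachedHost *h = head; h; h = h->next) {
        if (h->port != port || strcmp(h->hostname, hostname) != 0) continue;
        if (check && !check(h, wanted)) continue;
        return h;
    }
    return NULL;                    /* caller opens and caches a new connection */
}

int main(void) {
    /* Constructed sample: two cached control connections to the same host/port. */
    FtpCreds anon = {"anonymous", "guest@example.org"}, alice = {"alice", "s3cret"};
    CachedHost second = {"ftp.example.org", 21, &alice, NULL};
    CachedHost first  = {"ftp.example.org", 21, &anon, &second};
    FtpCreds bob = {"bob", "hunter2"};

    printf("alice reuses her own connection: %d\n",
           cache_find(&first, "ftp.example.org", 21, ftp_compat, &alice) == &second);
    printf("bob gets no cached connection: %d\n",
           cache_find(&first, "ftp.example.org", 21, ftp_compat, &bob) == NULL);
    return 0;
}
```

Passing a NULL check gives the traditional host/port-only lookup, which returns the first entry regardless of who is logged in on it.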