[1523] in WWW Security List Archive
Re: JavaScript to grab email (fwd)
daemon@ATHENA.MIT.EDU (Dan Stromberg)
Thu Feb 22 16:43:31 1996
Date: Thu, 22 Feb 1996 09:41:00 -0800
From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
To: Achim Dreyer <adreyer@plato.uni-paderborn.de>
CC: "Daniel L. Smith" <dls@JavaJoint.com>, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Achim Dreyer wrote:
> > It seems to me that you could do the same thing with ftp.
> > Have a frames document where the html for one of the panes comes through
> > anonymous ftp instead of http. You would then have a process essentially
> > doing a tail -f on the log file. Any new addition could trigger a script
> > to parse the last line of the log file, and do whatever. No JavaScript
> > involved.
>
> But that's the other way round. - The work is done by the ADMIN of the ftp
> site, there should/is no easy way for a simple USER (eg. document/JavaScript
> writer) to get the log files of a (good/secure/..) ftp site.
>
> ( Surely, I want to control what MY LOCAL browser is going to do!! )
There seems to be a category error in the above.
Yes: setting up such a thing via httpd (in contrast to ftpd) is less
likely to require (depending on how you configure your httpd) special
permission on the server, but No: you're not really "controlling" your
ftp client in any stronger sense than that in which you "control" your
web client.
There really appears to be no reason why a site could NOT make ftpd
logfiles accessible to specific users - perhaps even with the intent of
using them for such a purpose, if deemed appropriate by a company's
marketing division. The main thing that has prevented this for ftp, is
probably the lack of realization that it was possible, and the relative
lack of marketing-thought that's gone into ftp.
