Closed Bug 101027 Opened 24 years ago Closed 23 years ago

Prefs: improve ftp password when "advanced.mailftp"=false

Categories

(Core Graveyard :: Networking: FTP, defect)

Product:
Core Graveyard
Component:
Networking: FTP
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.5

People

(Reporter: stummala, Assigned: bbaetz)

References

(
URL
)

Details

(Keywords: testcase)

Attachments

(2 files)

patch
606 bytes, patch
dougt
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
ftp anonymous password
1.03 KB, patch
Details | Diff | Splinter Review
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1 BuildID: 2001-09-12-05 "mozilla@" is passed as passwd when visiting the site ftp://ftp.CPAN.org username - anonymous passwd - mozilla@ //causing it to break an alert is shown saying "mozilla@ is not a valid passwd" works fine in Linux. Reproducible: Always Actual Results: alert pops up. Expected Results: show the directory listing of CPAN ftp site
darin
Assignee: neeti → darin
-> ftp (bbaetz)
Assignee: darin → bbaetz
Component: Networking → Networking: FTP
Confirming with 0.9.4. We should send mozilla@example.com as the default, I guess. dougt?
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.5
Set "Prefs |Advanced | "Send this email address as anonymous FTP password". If that works, this is a dupe of bug 57763.
benc: no. This worked on and off for both me and darin. The problem is that mozilla@ is not a valid email address, and some ftp servers are picky. The default should be changed
No. We can not specify a dummy domain. Instead we should check against this server response and ask the user for a username/password. (note that other ftp clients have the same problem)
URL: http://ftp://ftp.CPAN.orgftp://ftp.CPAN.org
Why not? example.com is a domain which is guaranteed to never really exist. We could do mozilla@{myHostName} though, but that would leak info if there was a firewall in the middle.
my experience regarding these anonymous ftp servers is they just check for @ followed by some text and a dot in the email address. most of the ftp servers will let you in even if the email address is wrongly formated, but suggest to use something like "abc@domain.com" when visiting next time. CPAN was picky. is it possible to check for the sanity of email address before sending so that this problem will not occur and if it is not in rite format just format it
bbaetz: -re: "no"... Uh, my point is: the user can fix the problem themselves. The summary didn't say "the default value fails w/ some servers." -re example.com: I guess it wouldn't hurt. what do IE and Comm do? (Does anyone have a URL that guarentees that "example.com" will never be used for perpetuity? I was just reading RFC 1630, which says: FTP The ftp: prefix indicates that the FTP protocol is used, as defined in STD 9, RFC 959 or any successor. The port number, if present, gives the port of the FTP server if not the FTP default. User name and password The syntax allows for the inclusion of a user name and even a password for those systems which do not use the anonymous FTP convention. The default, however, if no user or password is supplied, will be to use that convention, viz. that the user name is "anonymous" and the password the user's Internet-style mail address. Where possible, this mail address should correspond to a usable mail address for the user, and preferably give a DNS host name which resolves to the IP address of the client. Note that servers currently vary in their treatment of the anonymous password. In this light, it seems to me that we might want to have a radio button w/ more sophisticated password settings (our default string, some address in an email account you have configed, some reverse-lookup based address, or your custom string. This might be yet another RFE, which I will create if you want to talk about just editing this pref. meanwhile, I've corrected the summary. BTW, this pref name was not a great choice, can't we move it to "network.ftp.*" before it is too late?
Summary: email address as password not set properly → Prefs: improve ftp password when "advanced.mailftp"=false
benc: Lets not get complicated. If we're going to send a bogus value by default, lets send a semanticly valid bogus one.
ben, i understand what u r saying, but people may not set the default value, in that case browser has to set some value something like "profilename@mozilla.org" or something like that
I'm not getting complicated, I'm just getting some standards advocacy in sideways :) I didn't pick "mozilla@"... Heck, I never even thought it would work for a lot of servers, but nobody ever objected until now... What are our friends "IE and Comm" using? re: <PROFILENAME> you pick that and mitchell probably have to get involved.
the default should be mozilla@example.com unless someone has large objections. benc: nn4.77 for unix sends "mozilla@"
no problem as long as it is a semanticaly valid email address :)
Actually picking a domain brainlessly can get you in a lot of trouble. Look at http://www.localhost.com. I checked, and "example.com" is not in DNS. I'd prefer to know it's reserved as bogus, but you get to decide, all I'm here to do is verify :)
how about using some busted dot com's :)
example.com is reserved. http://www.rfc-editor.org/rfc/rfc2606.txt We could use mozilla@mozilla.example but I prefer the first.
Attached patch patchSplinter Review
I don't like this solution as much as i like what other clients do. Why don't we just pop up an dialog asking for the user for another username/password pair?
I think that it would be confusing to pop up the dialog. It doesn't have a problem with anonymous login, just the bogus email address. why not give it a 'real' one which is invalid?
Comment on attachment 51372 [details] [diff] [review] patch please add a comment above this line that mentions the RFC which provides that example.com is valid/legal.
Attachment #51372 - Flags: review+
Comment on attachment 51372 [details] [diff] [review] patch sr=darin
Attachment #51372 - Flags: superreview+
I checked this in last night, but forgot to mark it fixed. Oops.
...and now I jsut forgot to mark it fixed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
verified. works for me on linux build 10-10-04
Status: RESOLVED → VERIFIED
I send you a patch to correct ftp anonymous passwd. There are three problems with the current approach: - Some stupid servers try to check that what goes after @ exists and delay the login and could deny login if the example.com name goes down. - Sending anything that's not anonymous@ as password is not anonymous by definition - Spyware is not a good idea, most users don't like it. As more and more ftp clients are moving to this anonymous@ password (for example the kde kio ftp, qt3, gnome-xml) I recommend you to apply the patch.
No, we have to send a hostname - if we don't, then some sites won't let us in, because its not a valid addess, which is why this bug was filed in teh first place. >- Some stupid servers try to check that what goes after @ exists > and delay the login and could deny login if the example.com > name goes down. example.com doesn't have a DNS entry, and never will, which is why its used. If the root namesevers are timing out looking up that, the net is having much greater problems. Can you give an url for a server which denies access because example.com does not exist? >- Sending anything that's not anonymous@ as password is not anonymous > by definition this is the 'password', not the username. The username is 'anonymous', which is the custom for this sort of thing (its not technically in any standard, but people use it) >- Spyware is not a good idea, most users don't like it. How is this spyware?? The most it does is let another site know that you may be using a mozilla based product, which is less that the useragent string or navigator.appName gives you. We only send your real email address if you check the box in preferences to do so.
> No, we have to send a hostname - if we don't, then some sites won't let us in, > because its not a valid addess, which is why this bug was filed in teh first place. Can you give an url for a server which denies access because you don't send a hostname? It can't be invalid because IE sends "IEUser@". If a server denies access when there isn't a hostname, it's denying access to half the requests !!! > >- Some stupid servers try to check that what goes after @ exists > > and delay the login and could deny login if the example.com > > name goes down. > > example.com doesn't have a DNS entry, and never will, which is why its used. If > the root namesevers are timing out looking up that, the net is having much > greater problems. > > Can you give an url for a server which denies access because example.com does > not exist? I know servers that check the hostname against DNS and delay login by that amount of time. > >- Sending anything that's not anonymous@ as password is not anonymous > > by definition > >- Spyware is not a good idea, most users don't like it. > > How is this spyware?? The most it does is let another site know that you may be > using a mozilla based product, which is less that the useragent string or > navigator.appName gives you. We only send your real email address if you check > the box in preferences to do so. Why do you think sending the useragent string is a good idea ? It isn't. Do you know sites that deny http requests if you are not using IE ? Monopoly tried to do so in its portal. If you send "mozilla@example.com" instead of "anonymous@" apart from being a privacy leak you are helping sites to discriminate based on user agent and no user wants that. Would you at least consider using "anonymous@example.com" ? (I prefer using "anonymous@" as it's used by some ftp clients like kde kio ftp, qt3, gnome-xml, libnet-perl)
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
*** Bug 117794 has been marked as a duplicate of this bug. ***
cpan does - see comment 0. Only one or two servers did it, and the dns entry round robin's on where you are in the world, so you may not be able to reproduce it. I managed from Montreal, though. mozilla@ has been used for ages, and itcan be changed by the user. Remarking as FIXED
Status: REOPENED → RESOLVED
Closed: 24 years ago23 years ago
Resolution: --- → FIXED
VERIFIED: this is in the functional test.
Status: RESOLVED → VERIFIED
Keywords: testcase
advanced.ftp does NOT work in conjunction with network.ftp.anonymous_password! only (advanced.mailftp, true) works! you should change http://www.mozilla.org/quality/networking/docs/netprefs.html
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: