[linux] Hiding arguments from ps

M. Hornung mike at boobaz.net
Thu Jul 28 08:45:52 PDT 2005 

How about a file submission form that lets users upload their files 
somewhere and asks for the email address of the people who are goign to 
want the file?  Then the file gets stored somewhere on the web server.  
You can hash the recipient address, or something, to create a unique URL 
for each recipient of the file, then your CGI can send email to the 
recipients telling them where they can get the file.  The bonus is you can 
check your web logs to see which recipients have downloaded the file, and 
there is no password protection on the file.

This way the people sending files only have to learn to use the web 
submission form instead of sending the file in email.  No extra passwords 
or other information required.

If you really must have passwords on the URLs you could use simple 
authentication (ala htpasswd) and the web submission form could, again, 
use the recipient address to generate a username/password and send it to 
the recipient of the file without the sender ever having to know that one 
even got generated.

AND you could have a monitor script that checks web logs and deletes files 
as soon as the recipient has downloaded them.

-Mike

On Thu, 28 Jul 2005 at 08:08, fnord, Michal wrote:

|On 7/28/05, Garrett Cooper <youshi10 at u.washington.edu> wrote:
|> Ethan A Merritt wrote:
|> 
|> >On Wednesday 27 July 2005 11:25 pm, Peter Woodman wrote:
|> >
|> >
|> >>On Jul 27, 2005, at 11:19 PM, Ethan A Merritt wrote:
|> >>
|> >>
|> >>>Any chance you could distribute by Bittorrent, and just Email the
|> >>>torrent to the intended recipients?  They wouldn't need a password,
|> >>>just the torrent file itself.
|> >>>
|> >>>
|> >>i don't know about that. it varies department-to-department, for
|> >>sure, but I doubt that this would ever fly with most faculty in non-
|> >>technical departments. Getting everyone to download/install/use a
|> >>bittorrent client would not be open/shut where I work.
|> >>
|> >>Besides, how is BT justified here, other than it being "cool"?
|> >>Jesse's probably got the best idea.
|> >>
|> >>
|> >
|> >The stated requirement was a way to send big files to certain people
|> >without sending the files themselves by Email.  I assumed that the
|> >point of the password discussion was to limit access to these files
|> >to the intended recipient, rather than just putting them on some
|> >publicly-accessible web site.  Bittorrent seems to meet all those
|> >requirements.  You don't send the file, just the torrent.
|> >If they don't have the torrent, they can't retrieve the file.
|> >
|> >
|> >
|> >
|>     Hmmmm... but IP limiting is still iffy in a way on trackers. Why not
|> have a torrent tracker setup, but instead of filtering IPs (if the
|> content was private) just distribute the torrent via a pubcookie
|> protected site?
|>     I'm venturing-out on a limb-to guess that the reason why the file
|> isn't being sent via email and dealing with faculty is because the
|> faculty are using MyUW.net.
|
|I think that MyUW.net is a service only for UW Alumni, but I could be wrong.
|
|Anyways, Travis has stated the only problem he's trying to solve is
|that of having users send emails with large attachments. Turning the
|distribution model from a "push" to a "pull" is what he's going for.
|BT sounds like a prohibitively complicated solution, especially if
|there are, say, three recipients of the files.
|
|(I'm also inclined to believe that the recipients may not be
|affiliated with the UW in a formal sense and may not have UW NetID's
|to authenticate with. But what do I know :P)
|
|-Michal
|

More information about the Linux mailing list