Home page logo
/

nanog logo nanog mailing list archives

Re: cleaning up MIME external-body attachments....
From: woods () weird com (Greg A. Woods)
Date: Sat, 26 May 2001 13:15:29 -0400 (EDT)


[ On Saturday, May 26, 2001 at 02:32:13 (-0400), Valdis.Kletnieks () vt edu wrote: ]
Subject: Re: EMAIL != FTP 

And there's something that people are overlooking here - the *clean up*
afterwards.  Sure - I can upload the file to a server and send an e-mail
with a pointer to it.

BUT WHEN AND HOW DOES THAT FILE GET CLEANED UP?

Well, if your computer is online all the time then you'd be publishing a
link directly to it, i.e. to the original file, and so obviously you
don't want to "clean it up"!  :-)

Now let's say I had uploaded it to a server.  When do I know that it's
safe to remove it?

Well, without even thinking too much you could just ask each recipient
to send you back a quick confirmation after they had done the
download....

I guess the point&click nuts among us would want to automate this
despite the fact that e-mail delivery notifications can't be relied
upon....

 If I wait 3 days and remove it, I've possibly
screwed somebody over.  Forget that - I'll just leave it on the server
indefinitely.  So now instead of needing 1M of spool space for the few
minutes it takes to send it out, I'm tying up 1M of spool space
until I clean it up by hand.  Somehow, this is just *screaming* a
"tragedy of the commons" scaling failure at me ;)

The space occupied on the HTTP (or FTP) server isn't "spool space".
It's already destined as "archive space" (many ISPs don't even back it
up and state flatly that it's the user's responsibiilty to keep archive
copies in case of disaster or whatever).

Of course an ISP might provide a few GB of cheap disk for "temp" URLs in
people's home pages that'd get cleaned up automaticaly after a few
days/weeks/whatever of inactivity.  (http://my.isp/~me/temp/ is a
symlink/alias/whatever created by the ISP into this temp space)

Oh - and did I mention that the prior business relationship with most
of these 25 was a business card from last week's SANS?  This means
that if I had uploaded it to a server, I'd have to worry about how
to grant access rights for that document.  I'm lucky that there's
nothing confidential in *that* white paper - 

Don't you know how to encrypt files?  Hopefully any confidential e-mail
message you send is encrypted so why wouldn't you encrypt the
external-body content with the very same key before uploading it to a
public server?

I'm pretty sure that
I'd hit any number of snags and screw-up trying to put a .htaccess
restriction that actually worked....

You certainly would not want to do anything so complex and pointless.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>     <woods () robohack ca>
Planix, Inc. <woods () planix com>;   Secrets of the Weird <woods () weird com>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault