Re: squid: ftp anonymous password

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 27 Oct 2001 16:34:49 +0200

eperez@dei.inf.uc3m.es wrote:

> Yes, I agree with you. But, criminal organizations like Microsoft can
> make software products that discriminate based on data sent by clients
> and we should avoid that whenever possible.

Such organisations are more likely to do so for HTTP, and there we MUST
by default include the Squid identification or else we would not comply
with HTTP standards from very valid reasons.

> > I don't think we plan on changing the default anonymous FTP "password"
> > in Squid.
>
> Would you default to this non-discriminatory password now ?

Because this is what we have been using for ages, and it does not really
reveal any sensitive information about the user.

This discussion is very much like the discussion on what you should put
into SMTP Received headers. There are valid reasons why software should
put a unique identification in Received headers, just as there is valid
reasons why they should not. As you might have understood by now I
belongs to the group that see the reasons to why it should be included
more important than why not to include it.

Squid is not like a software run by individuals. It is a software run by
organisations. If the organisation does not wish to reveal what they are
using, this is one of many things they must consider.

Give me one real good valid reason why we should change it which
outweights the benefits of having it there in fault tracking by the FTP
server operators.

Sending "Squid@" as anonymous password does not classify Squid as
spyware as it is not reporting anything about it's usage to us or anyone
else in particular. It only identifies to the FTP server from where the
user wishes to fetch FTP content that the request has passed thru a
Squid server. If you want to call it something then it is network server
software fingerprinting.

Regards
Henrik
Received on Sat Oct 27 2001 - 08:33:51 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:35 MST