[OpenAFS-devel] Re: safe dropboxing in an anonymous world

Andrew Deason adeason@sinenomine.net
Mon, 7 Feb 2011 10:54:31 -0600


On Mon, 7 Feb 2011 11:02:18 -0500
Derrick Brashear <shadow@gmail.com> wrote:

> The effect of the "or be owner and have insert access" is to allow
> readback if for some reason you need to pull back from the server in
> the process of writing something out for insert. In an "atomic write"
> world this would not be necessary, and in this world it is only
> dubiously so.

If the client were improved to only write dirty bytes to the server,
this could be avoided, yes?

> In a directory which is system:anyuser li, this allows people to read
> previous submissions. This is probably undesirable. It's simple to
> avoid the problem this way, with the compromise that readback isn't
> possible.

I think arbitrary reads of this sort are currently prevented via
client-side enforcement, right? So it would be difficult to do that
accidentally.

> Ignoring the broader question of "do we really want the readback
> ever", comments on this revision?

I think we'd need to advertise that s:anyuser dropboxes may not always
work as expected, if you're depending on anonymous inserters.

-- 
Andrew Deason
adeason@sinenomine.net