RE: [dvd-discuss] Hang the RIAA in their own noose.



On Thu, 18 Oct 2001, Richard Hartman wrote:

>
> You can also password protect information on the web server
> running on port 80 (which would actually be better than attempting
> to hide it on a non-standard port anyway...)
>

Close, I have access restrictions to certain IPs. The intent of those
restrictions is that only I can use them. But, there may be a mistake.

>
> I am not.  I am claiming that certain ports are "well known".  Which
> is to say that certain services are assigned certain ports by a central
> governing body (IANA, I think).  If you are running those services on
> those ports, you can _expect_ access by all and sundry.  If you want
> privacy, you take steps.
>

I have taken steps that are intended to restrict access.

Your claim that a computer offering a port implies that access should be
presumed to be granted is not correct, unless you assume that every
computer has perfect configuration.

>
> Again, we can only judge intent by configuration.  (Or perhaps by
> a posted disclaimer ...)   If you are running a standard service
> on a standard port, the best presumption of intent is that you
> are intending to provide that service.
>

You had said:

> On Wed, 17 Oct 2001, Richard Hartman wrote:
>
> >
> > Maybe, but I'm not sure.  The entire _purpose_ of a web
> > server is public access.  An FTP server, it might be argued,

You are assuming that perfection exists, that everyone configures their
computer so that the configuration matches their intent.

This ignores the reality that people misconfigure computers, software may
not even offer configuration features that match their intent, or that
there will be no bugs in the software that allow access that was not
intended.

Just because a web server is running on a port does not mean that access
to it is intended to the public. (Nor does it automatically mean that
access to it is an attempt to crack the machine.)

IMHO, whether or not access was intended should be judged based on what
level of access was granted. Access to private information can be assumed
to be unintended, no matter what the protocol. Access to information that
appears intended to be public should be considered to be intended.

Scott


--
No DVD movie will ever enter the public domain, nor will any CD. The last CD
and the last DVD will have moldered away decades before they leave copyright.
This is not encouraging the creation of knowledge in the public domain.