[unisog] Size Limit on E-Mail Attachments

Mitch Collinsworth mitch at ccmr.cornell.edu
Sun Nov 4 20:31:53 GMT 2001



On Sun, 4 Nov 2001, Phil Miller wrote:

> which is what you will do if you want to allow uploads from arbitrary 
> people on your site so that someone else can download it.  You also open 
> yourself up to a DOS attack by filling up the upload area.  This discussion 
> was in the context of how to allow the transfer of large files from one 
> person to another.  Note that this is not the issue about how I can put 
> files up that others can download, the issue is how Professor A transfers a 
> large document to Professor B somewhere else without requiring Professor A 
> to know how to set up a web site or other methods proposed by others.

Allowing anonymous upload and download in the same directory is
what gets you used for warez.  If you want both upload and download
capabilities, you need to put them in separate places and require
authentication for one side or the other in each place.  I.e. an
authenticated user can upload a file into a directory that allows
anon download.  And an anonymous user can upload a file into a
directory that only authenticated users can read.  Putting a timeout
on the anon upload directory is a handy touch.

-Mitch



More information about the unisog mailing list