Re: tls-ftp and GConf



On Mon, 2003-09-08 at 02:02, Andy Hanton wrote:
> I just uploaded a patch to add tls support to the ftp module (bug
> 121713).  While I was searching the web for some test servers to add to
> the bug I found that encrypting the ftp control connection will not work
> from behind a firewall that denies outbound connections by default.  I
> want to add a GConf key to configure this feature, but I don't know
> where it should go.  I would think that it would be
> /desktop/gnome/gnome-vfs/modules/ftp/use_encryption.
> 
> Having a place where modules can add keys seems like a good idea because
> the nntp module also needs some GConf keys and other modules probably
> will in the future.  
> 
> Also should this key default to on or off?  I would guess that any sites
> that have strict firewalls will have admins that could set the key to
> default to off.  On the other hand I am not sure that ftp-tls servers
> are common enough yet that the admin will think about changing it.  

I agree that it would make sense for a standardized place to put vfs
module configuration options. At the moment we have only the gnome-vfs
proxy keys in /system/http_proxy. I dunno where the idea of using
/system came from, but gstreamer seems to have started using it too. I
guess it sort of makes sense, given that apps other than gnome-vfs read
those keys (i.e. epi). I think /desktop/gnome/vfs/modules/<modulename>
would work for clearly vfs-specific keys.

I do have to point out that I'm not all that keen on the idea of gconf
keys for vfs modules in general. These are either hidden settings that
nobody will ever touch, or turn into really complicated UI in some
control-center dialog.

Take the proposed key for instance (as given in this proposal). It
clearly can't be on by default, since that means for many users the
file-manager can just hang. However, if we disable it by default almost
all users will continue to use the insecure code, which is not good.
Furthermore, it's often not really possible to set the preference to a
value that works even for just your machine. Take a laptop for instance,
which travels between different networks. Even if you're aware of this
key and want to use secure logins you either have to keep switching it
on/off depending on your location (or switch it off when things hang),
or just keep it always off.

Since vfs modules are very hidden, very "automatic" pieces of code, with
no user interface or visible user-model these kinds of settings just
don't work that well. Unless they are really honest-to-god preferences,
i.e. do you prefer it this way or that way, everything still works
whatever you decide.

A better way of handling this problem could be trying to detect when the
firewall problem will happen, and reauth not using tls. I don't know how
feasible this is, but we should at least look into it. At the very least
if we choose to go with the gconf key route we need to handle timeouts in
the ftp method so that we don't hang forever. (This is also needed in
the http method btw. I looked at it once, and it didn't look that hard
to add. Wasn't in time for 2.4 though.)

Btw, Andy, you seem like an ftp-savvy guy. Any chance you could spend
some more time working with the ftp vfs backend? What gnome-vfs could
really need at the moment is people working on the various backends we
have. None of them are really that solid unfortunately, but people seem
much more interested in doing bizarre new vfs modules than making the
current ones usable.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a time-tossed Jewish jungle king with a mysterious suitcase handcuffed to 
his arm. She's a transdimensional junkie fairy princess in the witness 
protection program. They fight crime! 
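
The timeout handling and the TLS-or-not decision discussed in the message above, as an added example that is not part of the original mail or of gnome-vfs. `read_reply_code`, `probe_auth_tls` and `probe_with_canned_reply` are hypothetical names; the message does not say which step hangs behind the firewall, so bounding the reply to `AUTH TLS` (RFC 4217, success reply 234) is an assumption, as are single-line replies and the 200 ms timeout.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Outcome of the probe; the caller, not this code, decides the fallback policy. */
enum tls_probe { TLS_ACCEPTED, TLS_REFUSED, TLS_TIMEOUT, TLS_ERROR };

/* One single-line FTP reply: 3-digit code, 0 on timeout, -1 on error or malformed. */
static int read_reply_code(int fd, int timeout_ms)
{
    char buf[512];
    size_t len = 0;
    do {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int ready = poll(&p, 1, timeout_ms);   /* bounded wait, applied per read */
        if (ready <= 0) return ready;          /* 0 = timed out, -1 = poll error */
        ssize_t n = recv(fd, buf + len, sizeof buf - 1 - len, 0);
        if (n <= 0) return -1;                 /* peer closed or recv error */
        len += (size_t)n;
        buf[len] = '\0';
    } while (!strchr(buf, '\n') && len < sizeof buf - 1);
    if (len < 4 || buf[0] < '1' || buf[0] > '5' || buf[3] != ' ') return -1;
    if (buf[1] < '0' || buf[1] > '9' || buf[2] < '0' || buf[2] > '9') return -1;
    return (buf[0] - '0') * 100 + (buf[1] - '0') * 10 + (buf[2] - '0');
}

/* Send AUTH TLS and classify the reply without ever blocking indefinitely. */
enum tls_probe probe_auth_tls(int fd, int timeout_ms)
{
    static const char cmd[] = "AUTH TLS\r\n";
    if (send(fd, cmd, sizeof cmd - 1, MSG_NOSIGNAL) != (ssize_t)(sizeof cmd - 1))
        return TLS_ERROR;
    int code = read_reply_code(fd, timeout_ms);
    if (code <= 0) return code == 0 ? TLS_TIMEOUT : TLS_ERROR;
    return code == 234 ? TLS_ACCEPTED : TLS_REFUSED;   /* 234: start the handshake */
}

/* Constructed rig: a socketpair stands in for the server; NULL means it stays silent. */
enum tls_probe probe_with_canned_reply(const char *reply)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return TLS_ERROR;
    if (reply) send(sv[1], reply, strlen(reply), MSG_NOSIGNAL);
    enum tls_probe r = probe_auth_tls(sv[0], 200);   /* 200 ms: constructed value */
    close(sv[0]); close(sv[1]);
    return r;
}

int main(void) { return probe_with_canned_reply("234 ready\r\n") == TLS_ACCEPTED ? 0 : 1; }
```

Returning the outcome instead of retrying in cleartext inside the probe keeps the downgrade decision visible to the caller, which can treat a refusal or timeout differently depending on whether credentials are about to be sent.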