X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C7ACB5.272F6D5B@onstor-exch02.onstor.net>; Mon, 11 Jun 2007 22:47:24 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-class: urn:content-classes:message
Subject: RE: Defect  TED00019467 CW-install : Without a password in the URL, the image will not download from the ftp servr Re-opened
Date: Mon, 11 Jun 2007 22:43:54 -0700
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E041BF628@onstor-exch02.onstor.net>
In-Reply-To: <20070611223209.6d2e235a@ripper.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Defect  TED00019467 CW-install : Without a password in the URL, the image will not download from the ftp servr Re-opened
Thread-Index: AcesswaWRQgazXL7RRmF6lRCo64wswAAB79Q
References: <ONSTOR-EXCH01idcDjo0000003f@onstor-exch01.onstor.net><BB375AF679D4A34E9CA8DFA650E2B04E041BF4DB@onstor-exch02.onstor.net><20070611170457.3362b1e2@ripper.onstor.net><BB375AF679D4A34E9CA8DFA650E2B04E041BF5AA@onstor-exch02.onstor.net><20070611175952.6d26d6fc@ripper.onstor.net><BB375AF679D4A34E9CA8DFA650E2B04E041BF5E4@onstor-exch02.onstor.net> <20070611223209.6d2e235a@ripper.onstor.net>
From: "Brian DeForest" <brian.deforest@onstor.com>
To: "Andy Sharp" <andy.sharp@onstor.com>

I hear you, believe me...   I was around today (in between meetings) but
I guess we just missed each other.   I'll be in late morning then should
be in the office most of the day. =20

-----Original Message-----
From: Andy Sharp=20
Sent: Monday, June 11, 2007 10:32 PM
To: Brian DeForest
Subject: Re: Defect TED00019467 CW-install : Without a password in the
URL, the image will not download from the ftp servr Re-opened

Wa-ha-ha-haaaaa. Can't we stop playing with this thing and ship it?
</tears>  Is this really a legit real world concern?  I'm starting to
question my sanity.  Don't answer that.

Are you going to be around tomorrow?  Let's get together and consult.


On Mon, 11 Jun 2007 18:15:42 -0700 "Brian DeForest"
<brian.deforest@onstor.com> wrote:

> If the customer has an FTP server that does not allow anonymous FTP,
> then the password is in clear text on the cmdline for anyone to see.
> That's the issue (which I apparently didn't mention explicitly).  =20
>=20
> -----Original Message-----
> From: Andy Sharp=20
> Sent: Monday, June 11, 2007 6:00 PM
> To: Brian DeForest
> Subject: Re: Defect TED00019467 CW-install : Without a password in the
> URL, the image will not download from the ftp servr Re-opened
>=20
> I understand that anonymous has to work, and it does.  The mysterious
> requirement that it be able to prompt for a password doesn't seem to
> be related.  So still not making sense to my walnut sized brain.
>=20
> On Mon, 11 Jun 2007 17:31:13 -0700 "Brian DeForest"
> <brian.deforest@onstor.com> wrote:
>=20
> > Understood, it's not nfxsh.   Customers can use anonymous FTP as
> > well rather than username/password.  The only possible concern
> > would be if anonymous FTP was disabled/unavailable for some
> > reason.  This won't be an issue on our corporate FTP server, where
> > anonymous FTP is available, but might be at a customer's FTP server
> > if anonymous FTP was disabled. (Note some customers download the
> > image from corporate then save on a local FTP server.)  That being
> > said, I made the argument this is a P3 and we will try to get it
> > fixed in Delorean if possible, but it is not a stop ship.  So,
> > hopefully that makes sense.
> >=20
> > -----Original Message-----
> > From: Andy Sharp=20
> > Sent: Monday, June 11, 2007 5:05 PM
> > To: Brian DeForest
> > Subject: Re: Defect TED00019467 CW-install : Without a password in
> > the URL, the image will not download from the ftp servr Re-opened
> >=20
> > This is not nfxsh.  I haven't heard any valid reason why I should
> > spend precious minutes of my time implementing this.  Users of the
> > script should specify a correct URL.  In fact, I haven't heard any
> > reason at all from anyone.
> >=20
> > Cheers,
> >=20
> > a
> >=20
> >=20
> > On Mon, 11 Jun 2007 15:50:12 -0700 "Brian DeForest"
> > <brian.deforest@onstor.com> wrote:
> >=20
> > > I thought nfxsh will accept a username:password or just a username
> > > on the cmdline, and prompt for password (at least it used to, see
> > > getPasswdFromUser()).   You may have to prompt in cw_install.sh.
> > >=20
> > > -----Original Message-----
> > > From: andy.sharp@onstor.com [mailto:andy.sharp@onstor.com]=20
> > > Sent: Monday, June 11, 2007 11:18 AM
> > > To: Raj Kumar; Raj Kumar
> > > Cc: Brian DeForest; Andy Sharp
> > > Subject: Defect TED00019467 CW-install : Without a password in the
> > > URL, the image will not download from the ftp servr Re-opened
> > >=20
> > > Note_Entry:=20
> > > First, I don't think this is a stop ship.
> > >=20
> > > Second, there is nothing that can be done, as far as my
> > > investigation is showing.
> > > I can't force ftp to prompt for a user/password, even though the
> > > -n option is
> > > supposed to do that.  Either the anonymous login works, or _both_
> > > the user and password
> > > must be specified in the URL.  That seems to be all I can get out
> > > of this OpenBSD
> > > version of ftp.
> > >=20
> > > Files_list_entry:=20
> > > Project:=20
> > >=20
