On Thu, Mar 10, 2005 at 05:53:41PM -0500, Jan Harkes wrote:
> Actually, there is this annoying bug where a user with expired tokens
> gets EACCESS on everything, even on those files that are accessible by
> System:Anyuser.

I am a bit concerned about letting anyone with expired tokens
to access things as System:Anyuser. As System:Anyuser means tokenless
connections to the server, I may miss when my tokens expired,
and unexpectedly lose the guarantee of server authenticity.
I have the guarantee while I am using authenticated access (at least
as long as nobody else fetches the objects before I do).

What we would possibly need is to mark each object in the cache
as "fetched authenticated" vs "unauthenticated" and provide a way for a user
to postulate "I want authenticated access _only_".
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Then I would be guaranteed to never fetch files (thinking, say, of executables)
when I do not know the server autnenticity (i.e. without tokens)
and could neither unexpectedly get an object insecurely fetched by somebody
else.

Of course, this would lead sometimes to double fetches:
when I access an anonymously cached object, I should trigger
a new fetch to be able to access the contents, or be refused
the access if I do not have a suitable token.

> Only figured that one out a couple of days ago. I think it got
> introduced with or shortly after the realms code got merged, so the
> problem has been around for a while.

It is at least a bit safer situation than otherwise.

> > I am suspicious of how venus handles revoking objects in the cache
> > that are still open in the kernel.  I don't have $HOME in coda, just
> > bits that I symlink in, so I am much less likely to have files open
> > all the time.

I have $HOME on Coda and I do not experience problems when tokens expire.
On the other side, I am not using disconnected operation on $HOME.
Most often not write disconnected either.

When using multiple computers and disconnected operation,
bash and mozilla (or any other program unscrupulously updating $HOME/dotfiles)
are a disaster. One may want to configure bash so that different sessions
do not use the same .bash_history, and mozilla - for different profiles.

On the other side, with a bit of discipline in reintegrating, it is very
nice to have the same mozilla setup and bookmarks everywhere :)

Regards,
--
Ivan