OLC and CAI Binary File Validation (was SSA OLC Region for Flight Claim)
Frank Whiteley wrote:
Jeremy Zawodny wrote:
Frank Whiteley wrote:
Although FTP is a reasonable method of file transfer, it isn't likely
the appropriate method of uploading OLC data. FTP has also had a
pattern of security cracks in the past few years, so SCP/SFTP tunneling
via SSH is much preferred. A file transferred via FTP would require an
additional server process, additional server ports, real server load,
and additional scripts and support issues. It would also complicate
the edit function.
Huh?
The security issues in FTP are largely twofold:
(1) it's a cleartext protocol
(2) specific FTP servers have had problems
It's a bit broad to paint ALL of "FTP" as having "security cracks."
The additional server process and associated "real server load" are
trivial in modern terms. I doubt the OLC is run on an old 486.
And it would complicate the edit function only if implemented in a
complicated way. A custom FTP server could take your file, issue you a
"ticket number" or something similar, and you'd use that to tell the
edit form what it needs to know to find your file.
This stuff is not rocket surgery.
Jeremy
I have also seen entire companies impacted by administrative oversights
in FTP, up to and including public disclosure of thousands of CC cards,
user accounts, and other personal information. I think effort is
better spent debugging current issues and leaving other security
concerns out of the picture. PHP also has its own set of security
issues, but it also allows better control over the persistency of
connections. FTP is a persistent connection and depending on timeouts,
leaving too many connections available can lead to DDOS mischief. Most
ISPs allowing FTP allow very few FTP connections relative to the
number of customers on the service. OLC is currently in use by a very
small percentage of the potential pilot base, especially if the
movement is to more important services. It would be nice to know if
the incremental cost per pilot will increase or decrease with growth
and can be supported by advertising. There is likely a point at which
a substantial upscaling of the servers and bandwidth would be needed.
It's one of the better things to happen to soaring in some time.
Frank
Interestingly, I was showing the global view of OLC to a former B-17
pilot today as the bulk of the European flights were showing up and I
got a short period of server unavailability, that is, an OLC page
advising this, not a failure to connect. I suspect the database server
was humming.
Frank