Questionable Identities
In a typical implementation of a WWW or Gopher server and similar software, the identity function is
applied to URL paths, selector strings, and like things to produce filenames underneath a path root.
A security issue is born from this, as many file systems allow for special filenames to traverse the
tree structure, and break free from such a path root; to filter such special filenames or other such
traversal commands is system-specific, as are mechanisms which restrict file accesses to path roots.
It occurred to me that it would be much easier in many respects to omit use of the identity function
for such, and instead require the mapping of all locations to filenames to be given explicitly. The
main drawback would be the need to signal that this mapping should be rebuilt, as opposed to dumping
files in the usual directory, but the advantages of this for relatively ``static'' servers is clear.
To omit the default method of translating protocol locations to filenames is also to remove any need
for a mechanism to translate such locations differently. It's also more efficient to reject invalid
protocol locations, without the need to enquire about them to the underlying system. I particularly
dislike when that empty or default location can be accessed by any name beyond its true name. In my
current Gopher server implementation, the empty selector string is mapped to the filename ``map'' in
the path root, and the ability to access it so has displeased me always. Rather than put it outside
of the path root, it's much nicer to have only explicit mappings which prevent this by construction.
Every file system I've seen has arbitrary restrictions on filenames, asinine or not, and this method
also allows for subverting these things entirely and rather transparently. Regardless, sufficiently
complicated such servers likely won't benefit from application of this method, or use solutions such
as programmatic transformation of all protocol locations in some other way which suits them. Still,
it's nevertheless valuable to question all, even any accepted applications of the identity function.