geturl duplicates the functionality of wget and curl. MC claims it is a security risk, though that is unproven. Anyway, it's not used by TWiki, it's a bit of a carbuncle, and should either be moved to a contrib or removed.

Requirement for EdinburghRelease

CC

I should have worded: geturl is relatively untested (with respect to standard tools such as wget and curl) and intrinsically a command line tool could be used to mount denial of service attacks against other machines. As it is not used by TWiki, it is misguided to expose it via the CGI interface on default builds. The only reason it is in is because the company Peter used to work for needs it.

This comes back to the discomfort I have that we did not yet TWiki:Codev.RenameBinToCgiBin - at the very least according to TWiki:Main.RichardDonkin suggestion this script belongs in a utils directory so that it can never be exposed via CGI.

MC

Documented the deprecation of geturl in SVN 8173

CC

Whoever thinks that this script must be retirement should provide a rest interface with the same functionality (the code is already in TWiki::Net).

-- PTh

Actually, it would make sense to move geturl to the tools directory since it is a command line utility.

The utilities in =bin/tools = need to be documented, Item1398.

-- PTh

---

Undeferred, post Dakar CC

---

I'm not sure I understand the point above, Whoever thinks that this script must be retirement should provide a rest interface with the same functionality. Why? What role does geturl play in TWiki? The one example of usage in the docs could better be done using curl. If it is intended as a handy script for people to download, it should be pulbished as such - AFAICT it has nothing to do with TWiki.

CC

No feedback justifying a REST script. At the same time, I can't be bothered removing the script and clearly neither can anyone else. Discarded.

CC