Path: utzoo!attcan!uunet!samsung!usc!zaphod.mps.ohio-state.edu!mips!smsc.sony.com!dce
From: dce@smsc.sony.com (David Elliott)
Newsgroups: comp.unix.questions
Subject: Re: How secure is UNIX?
Keywords: Security, ftp
Message-ID: <1990May29.022854.22733@smsc.sony.com>
Date: 29 May 90 02:28:54 GMT
References: <100928@<1990May23> <9000030@m.cs.uiuc.edu> <1990May28.102235.10021@agate.berkeley.edu> <6365@amelia.nas.nasa.gov>
Reply-To: dce@Sony.COM (David Elliott)
Organization: Sony Microsystems Corp.
Lines: 23

In article <6365@amelia.nas.nasa.gov> samlb@pioneer.arc.nasa.gov.UUCP (Sam Bassett RCS) writes:
>
>	Moral of the story:
>
>	Don't put passwords in your .netrc, dum-dum.  (Or anywhere that
>*anybody* can read 'em -- even you!)  (Don't assume it's the sysop,
>either -- assume that UNIX is *NOT* secure until it is proven otherwise.)

I think that the problem here, Sam, is that the .netrc file is
"an attractive nuisance".  Not only does the .netrc file give
you a place to put a password, the documentation tells you that
this feature won't be used if the file is readable by others.
In essence, it is saying "it's safe to put passwords here".

So, while I agree with most of your moral, I disagree with the
"dum-dum".  Anyone can be lulled into a false sense of security
with the way passwords, permissions, and so forth are documented.

-- 
David Elliott
dce@smsc.sony.com | ...!{uunet,mips}!sonyusa!dce
(408)944-4073
"If I had a hat the size of Oklahoma, I'd be a happy person."
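
Added example, not part of the original post: a sketch of the mode check the post refers to, assuming the client rejects a password-bearing .netrc when any group or other permission bit is set (mask 077). The host, login, password and the function names audit_netrc and write_sample are constructed for illustration; the point is that a file which passes the check still holds a cleartext password.

```python
import os
import stat
import tempfile

# Constructed sample entry; host, login and password are made up.
SAMPLE = "machine ftp.example.com login demo password not-a-real-secret\n"


def audit_netrc(path):
    """Classify a .netrc the way the documented mode check would see it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        tokens = fh.read().split()          # .netrc is whitespace-separated tokens
    has_password = "password" in tokens[:-1]  # keyword must be followed by a value
    exposed = mode & 0o077                  # assumed check: any group/other bit set
    if not has_password:
        verdict = "no stored password"
    elif exposed:
        verdict = "refused: readable by others"
    else:
        # Passing the check only means other ordinary users cannot read it.
        verdict = "accepted: cleartext password, still readable by owner and root"
    return {"mode": oct(mode), "has_password": has_password, "verdict": verdict}


def write_sample(directory, name, body, mode):
    """Create a constructed .netrc-style file with the given permission bits."""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(body)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, body, mode in [
            ("world-readable", SAMPLE, 0o644),
            ("owner-only", SAMPLE, 0o600),
            ("no-password", "machine ftp.example.com login demo\n", 0o644),
        ]:
            print(name, audit_netrc(write_sample(d, name, body, mode)))
```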