Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!samsung!uakari.primate.wisc.edu!sdd.hp.com!hplabs!hpcc01!hpcuhb!hpcllla!hpclisp!defaria@hpclapd.HP.COM
From: defaria@hpclapd.HP.COM (Andy DeFaria)
Newsgroups: comp.unix.questions
Subject: Re: How secure is UNIX? (Re: Stupid man pages)
Message-ID: <720015@hpclapd.HP.COM>
Date: 30 May 90 16:01:56 GMT
References: <1990May23.100928.10699@agate.berkeley.edu>
Organization: Hewlett-Packard Calif. Language Lab
Lines: 10

>/ hpclapd:comp.unix.questions / jik@athena.mit.edu (Jonathan I. Kamens) /  5:45 am  May 29, 1990 /

>  At some point, ftp has to be able to send your password in cleartext
>over the network to the other host (that, in itself, is of course a
>security hole, but what the hell, it isn't *too* painful to assume that
>your network is secure :-).  An encrypted password simply isn't good enough.

I'm no security guru on Unix but  it seems to  me that the  way around this
problem  would  be to remove  this silly  restriction  and  allow  ftp (and
others?) to send encrypted passwords to the other host.