Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!unmvax!deimos.cis.ksu.edu!uxc!uxc.cso.uiuc.edu!ux1.cso.uiuc.edu!uicsrd.csrd.uiuc.edu!kai
From: kai@uicsrd.csrd.uiuc.edu
Newsgroups: comp.unix.wizards
Subject: Re: FTP
Message-ID: <43200079@uicsrd.csrd.uiuc.edu>
Date: 24 Apr 89 16:46:00 GMT
References: <1451@dsacg1.UUCP>
Lines: 16
Nf-ID: #R:dsacg1.UUCP:1451:uicsrd.csrd.uiuc.edu:43200079:000:748
Nf-From: uicsrd.csrd.uiuc.edu!kai    Apr 24 11:46:00 1989


> /* Written 10:47 am  Apr 20, 1989 by dente@s2.uucp in uicsrd.csrd.uiuc.edu:comp.unix.wizards */
> Surely it doesn't have to be *that* unsecure, as if you have a .netrc file
> containing the line:
> machine machinename login myaccountname password mypassword

The .netrc file is a potentially *horrible* breach of security.  One of the
first rules taught about passwords is "never write them down".

You're right, there is probably very little to worry about security-wise when
using a script to anonymously FTP something.  I just wanted to point the
potential hazard out for people who might take this a step further and try to
write non-anonymous FTP scripts.

Patrick Wolfe  (pat@kai.com,  kailand!pat)
System Manager, Kuck & Associates, Inc.