Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!cs.utexas.edu!uunet!mcvax!ukc!mucs!s2!dente From: dente@s2.uucp (Colin Dente) Newsgroups: comp.unix.wizards Subject: Re: FTP Message-ID: <5947@ux.cs.man.ac.uk> Date: 27 Apr 89 13:36:01 GMT References: <1451@dsacg1.UUCP> <43200079@uicsrd.csrd.uiuc.edu> Sender: news@ux.cs.man.ac.uk Reply-To: dente%man.ee.els@ukacrl.BITNET (Colin Dente) Organization: University of Manchester, UK Lines: 32 In article <43200079@uicsrd.csrd.uiuc.edu> kai@uicsrd.csrd.uiuc.edu writes: > >> /* Written 10:47 am Apr 20, 1989 by dente@s2.uucp in uicsrd.csrd.uiuc.edu:comp.unix.wizards */ >> Surely it doesn't have to be *that* unsecure, as if you have a .netrc file >> containing the line: >> machine machinename login myaccountname password mypassword > >The .netrc file is a potentially *horrible* breach of security. One of the >first rules taught about passwords is "never write them down". > >You're right, there is probably very little to worry about security-wise when >using a script to anonymously FTP something. I just wanted to point the >potential hazard out for people who might take this a step further and try to >write non-anonymous FTP scripts. Okay - I'm fairly new to this Unix sys-admin game, so enlighten me. Just *how* insecure is a file with mode 0X00? - providing (as I said before) you can trust root (which I can - 'cos he's me!). Just how easy is it for someone to crack security easily enough to read such a file? Colin =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Colin Dente | JANET: dente@uk.ac.man.ee.els | | Dept. of Electrical Engineering | ARPA: dente@els.ee.man.ac.uk | | University of Manchester | UUCP: ...!mcvax!ukc!man.ee.els!dente | | England | NB. these will work as of 28/4/89 | |-----------------------------------------------------------------------------| | Well I know how to behave in the restaurant now, | | I don't tear at the meat with my hands. ....Well, not always.... | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=