Xref: utzoo comp.protocols.tcp-ip:10535 comp.unix.questions:20552 comp.unix.wizards:20966
Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!cica!tut.cis.ohio-state.edu!cs.utexas.edu!rutgers!bpa!cbmvax!grr
From: grr@cbmvax.commodore.com (George Robbins)
Newsgroups: comp.protocols.tcp-ip,comp.unix.questions,comp.unix.wizards
Subject: Re: .netrc
Message-ID: <10106@cbmvax.commodore.com>
Date: 11 Mar 90 06:16:26 GMT
References: <45473@lanl.gov> <1990Mar10.143413.16539@eddie.mit.edu> <1990Mar10.181943.23169@smsc.sony.com>
Reply-To: grr@cbmvax (George Robbins)
Distribution: usa
Organization: Commodore, West Chester, PA
Lines: 19

In article <1990Mar10.181943.23169@smsc.sony.com> dce@Sony.COM (David Elliott) writes:
> In article <1990Mar10.143413.16539@eddie.mit.edu> shawn@eddie.mit.edu (Shawn F. Mckay) writes:
> 
> How much easier is it to get someone's .netrc file than to get
> someone's L.sys file, which also has passwords in it?  In both cases
> the file is protected, though with the .netrc file, many (all?)
> versions of ftp will not even try to use the file if it is readable or
> writable by group/other.

A random sampling of .netrc files will be readable and have the passwords
of "user accounts".  Even if a L.sys file is readable, it contains only
the "uucp" passwords which almost always grant only the limited access that
the remote system has via uucp, usually a public directory and not much
else.

-- 
George Robbins - now working for,     uucp:   {uunet|pyramid|rutgers}!cbmvax!grr
but no way officially representing:   domain: grr@cbmvax.commodore.com
Commodore, Engineering Department     phone:  215-431-9349 (only by moonlite)