How secure is UNIX?
Richard Meesters
ram at attcan.UUCP
Wed May 30 03:45:38 AEST 1990
In article <1990May29.124526.13935 at athena.mit.edu>, jik at athena.mit.edu (Jonathan I. Kamens) writes:
> In article <36584 at ucbvax.BERKELEY.EDU>, lauther at janus.Berkeley.EDU
> (Ulrich Lauther) writes:
> |> I just wonder why not the same technique is used with .netrc as with
> |> /etc/passwd: have the file readable, but sensitive parts encrypted?
>
> Because this makes the .netrc file useless for its intended purpose.
>
> The .netrc file is meant to save you the effort of typing your
> password when you ftp to another host, or to allow you to use ftp in a
> shell script without you there to watch it.
>
> At some point, ftp has to be able to send your password in cleartext
> over the network to the other host (that, in itself, is of course a
> security hole, but what the hell, it isn't *too* painful to assume that
> your network is secure :-). An encrypted password simply isn't good enough.

The point is, however, valid. If you are going to use a .netrc, why can't it be
more like the passwd system? This merely means that the ftp program must
provide the facilities for encryption/decryption of the password, rather than
leaving it up to the user to do so himself.

Using a .netrc, or any type of script to save the effort of typing in a
password when going between systems is not only lazy but stupid. The idea of
a password is, after all, to provide a measure of security to your data, and
the system. Automating the process negates any good effect this might have.

One other point. I'm not too sure, but since Dan was burned twice, is it true
then that he must have had the same password combination used for several
different machines (or at least two)? Couldn't the damage have been
minimalized by having different .netrc/passwords for each machine?

Regards,
------------------------------------------------------------------------------
Richard A Meesters |
Technical Support Specialist | Insert std.logo here
AT&T Canada |
| "Waste is a terrible thing
ATTMAIL: ....attmail!rmeesters | to mind...clean up your act"
UUCP: ...att!attcan!ram |
------------------------------------------------------------------------------