FTP

[Colin Dente]

In article <43200079 at uicsrd.csrd.uiuc.edu> kai at uicsrd.csrd.uiuc.edu writes:
>
>> /* Written 10:47 am  Apr 20, 1989 by dente at s2.uucp in uicsrd.csrd.uiuc.edu:comp.unix.wizards */
>> Surely it doesn't have to be *that* unsecure, as if you have a .netrc file
>> containing the line:
>> machine machinename login myaccountname password mypassword
>
>The .netrc file is a potentially *horrible* breach of security.  One of the
>first rules taught about passwords is "never write them down".
>
>You're right, there is probably very little to worry about security-wise when
>using a script to anonymously FTP something.  I just wanted to point the
>potential hazard out for people who might take this a step further and try to
>write non-anonymous FTP scripts.

Okay - I'm fairly new to this Unix sys-admin game, so enlighten me.  Just *how*
insecure is a file with mode 0X00? - providing (as I said before) you can trust
root (which I can - 'cos he's me!).  Just how easy is it for someone to crack
security easily enough to read such a file?

Colin


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
| Colin Dente                      | JANET: dente at uk.ac.man.ee.els            |
| Dept. of Electrical Engineering  | ARPA:  dente at els.ee.man.ac.uk            |
| University of Manchester         | UUCP:  ...!mcvax!ukc!man.ee.els!dente    |
| England                          | NB. these will work as of 28/4/89        |
|-----------------------------------------------------------------------------|
|   Well I know how to behave in the restaurant now,                          |
|   I don't tear at the meat with my hands.       ....Well, not always....    |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=