On Thursday, 01/14/2010 at 10:58 EST, "Stricklin, Raymond J" <raymond.j.strick...@boeing.com> wrote:
> Just as a matter of clarification, can I ask why someone would put login > credentials inside of an EXEC that calls FTP, in preference to making use of > NETRC DATA ? (cough) The security exposure and subsequent audit failure is the same, whether you have a clear-text password in an EXEC or a NETRC file. In either case, the password should be in clear-text only in flight, not at rest. While at rest it should be encrypted (preferred), hashed, or otherwise obscured. This is why user certficate support for Secure FTP is needed. Then you won't need a password (unless the other end requires 2-factor authentication). Alan Altmark z/VM Development IBM Endicott