On Thu, Feb 28, 2002 at 05:35:57PM +0100, Nick Wilson wrote:
> someone told me it was a *very* bad idea to have passwords sitting in
> text files on my machine.

They were right!

> Okay, I can see that, I'm the root user though and I'd like to have a
> little script to connect via ncftp to my remote server. (complete with
> password)
> 
> If I gave the file 600 perms would that be a risk?

In some ways, yes.  You also have to ensure that the backups are similarly
protected, the tapes (if any) can't be taken offsite, and that there is no 
local physical access to anyone but you (physical access implies *total* access
to *all* your unencrypted data).  You also have to ensure that no untrusted
user has access to any of the packets between you and the remote server, or
they could sniff out the password and screw you.

Put up openssh on your remote server, set up some keys, and use scp to copy
the data back and forth.  Put up access controls that also restrict accesses
to your own site so that even if somebody stole your keys, they'd also have
to come from your current IP address.

If you insist on using ftp anyway, put an access restriction on the remote
server that only allows accesses from your IP address/host name.

        .../Ed

-- 
Ed Wilts, Mounds View, MN, USA
mailto:[EMAIL PROTECTED]



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
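
The keys-plus-source-address setup recommended in the reply above corresponds to the `from=` option in `authorized_keys` on the remote server. The script below is an added example, not part of the original message; the address 203.0.113.10, the key material, and the function names `pin_key` and `audit_keys` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. 203.0.113.10 and all key material are constructed values.
# Usage: . ./keypin.sh; audit_keys ~/.ssh/authorized_keys

# pin_key ADDR PUBKEY_LINE
# Print an authorized_keys entry that sshd accepts only from ADDR and that
# cannot open a terminal or forward ports, X11 or the agent. scp still works.
pin_key() {
    printf 'from="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$1" "$2"
}

# audit_keys FILE
# Print "LINE LAST-FIELD" (normally the key comment) for every key that has
# no from= option. Exit status is 1 if any such key exists, else 0.
audit_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = $0
            # Empty out quoted option values: they may contain spaces or the
            # text "from=" (e.g. inside command="..."). Escaped quotes inside
            # a value are not handled by this simple pass.
            gsub(/"[^"]*"/, "\"\"", line)
            # Everything before the key type is the option list.
            if (!match(line, /(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)[ \t]+AAAA/)) {
                print NR, "(unrecognised entry)"; bad = 1; next
            }
            opts = tolower(substr(line, 1, RSTART - 1))   # option names are case-insensitive
            sub(/^[ \t]+/, "", opts)
            if (opts !~ /^from=""/ && opts !~ /,from=""/) {
                print NR, $NF; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}
```

Run `audit_keys` against the remote account's `authorized_keys`; any line it prints is a key that would work from any address if stolen.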
