Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Possible security issue with the use of 'ps'' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Possible security issue with the use of 'ps'
Authored by: adashiel on Apr 21, '03 10:50:30AM

I know it's been said before, but security is a pretty relative thing if you're using FTP. Unless you've got an SSL-encrypted or Kerberized connection, which is pretty rare in straight FTP, your password is going out on the network in the clear anyway. Particularly if you're the only user on your machine, that should concern you a lot more than your password showing up in the process list.

I don't know if I'd recommend using a netrc file, either. While a process listing is relatively ephemeral, the netrc is a permanent fixture. It's so easy to accidentally set the wrong permissions on it, and if your machine gets rooted, you've just provided an attacker access to every host you've saved your password for.



[ Reply to This | # ]