Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Possible security issue with the use of 'ps'' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Possible security issue with the use of 'ps'
Authored by: aaronfaby on Apr 21, '03 11:01:53AM

The solution is simple. Just don't use FTP. Use sftp or scp
instead. Most FTP clients seem to support sftp nowadays,
so client compatibility shouldn't be an issue.



[ Reply to This | # ]
Possible security issue with the use of 'ps'
Authored by: Hivelogic on Apr 21, '03 11:10:31AM

I can't believe that people actually specify FTP options on
the command-line with FTP.

Just type ftp someserver.com and you'll be prompted for
the username and password.

Who would do this on the command line in this fashion?

Unbelieveable.



[ Reply to This | # ]
Hmm...
Authored by: robg on Apr 21, '03 11:20:40AM

When I use "ftp someserver," it seems to default to "anon" and "email@host" as the username/pass. On my server, where anon is disabled, I can't connect without using a .netrc or specifying it on the command line (which I never do). So i just use a graphical client instead ;-)

-rob.



[ Reply to This | # ]
Hmm...
Authored by: Eravau on Apr 21, '03 11:55:57AM
Well, you could just type: ftp

You'll then be in the ftp application and get the ftp> prompt. At the prompt, type: open -u username server.domain.com

It'll then log on under your username and request your password.

[ Reply to This | # ]

Hmm...
Authored by: Eravau on Apr 21, '03 11:56:57AM
Well, you could just type: ftp

You'll then be in the ftp application and get the ftp> prompt. At the prompt, type: open -u username server.domain.com

It'll then log on under your username and request your password.

[ Reply to This | # ]

Hmm...
Authored by: Lizard_King on Apr 21, '03 12:08:11PM

another idea to try out would be to simply run ftp from the command line without any specific parameters. Once you see the "ftp>" prompt, you can connect to machines via the command: "open someserver.com"



[ Reply to This | # ]
Hmm - use 'ftp someuser@yourdomain.com'
Authored by: Krioni on Apr 22, '03 12:36:14AM
If you want to login as a specific user just do this:

ftp someuser@somedomain.com

You'll be asked for someuser's password, rather than trying to login as your local account name. No need to specifiy the user and password - user by itself is fine. It will ask for what you leave out.

[ Reply to This | # ]

Possible security issue with the use of 'ps'
Authored by: sharumpe on Apr 21, '03 11:46:47AM

There are plenty of reasons why you would want to specify credentials in a non-interactive fashion. If you want to automate the up/downloading of files, you certainly don't want to have to enter things by hand.

Some programs that run on the command line will allow you to specify a file to grab credentials from (smbclient is an example of this). Some do not. A little bit of Perl can get around this, but it's not trivial if you don't know Perl (and I'm sure there are other solutions). Check the man pages (man command) to see if the command you're using supports something like this.

In general, if you have multiple users on your machine, you should avoid any command-line that includes your username and (especially) your password in clear text. If you are the only user, it's not a big deal.

Mr. Sharumpe



[ Reply to This | # ]