[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Duplicity-talk] Avoiding Password Exposure in ftpBackend
From: |
Kenneth Loafman |
Subject: |
[Duplicity-talk] Avoiding Password Exposure in ftpBackend |
Date: |
Wed, 19 Sep 2007 12:52:38 -0500 |
User-agent: |
Thunderbird 1.5.0.13 (X11/20070824) |
There is a very slight security risk in ftpBackend in that the password
is exposed in the NcFTP client commands. If you feel up to installing a
new version of NcFTP from source, there is a patch in:
https://savannah.nongnu.org/patch/?6209
The patch fixes this problem for users of NcFTP version 3.2.1, the
current version of NcFTP. I have tested with 3.1.9 and 3.2.0 and they
do not work with these semantics. The semantics of the command line and
login.cfg file changed with each of the last three versions, but should
be stable beginning with 3.2.1.
...Thanks,
...Ken
signature.asc
Description: OpenPGP digital signature
- [Duplicity-talk] Avoiding Password Exposure in ftpBackend,
Kenneth Loafman <=