[Duplicity-talk] Avoiding Password Exposure in ftpBackend

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Duplicity-talk] Avoiding Password Exposure in ftpBackend

From:	Kenneth Loafman
Subject:	[Duplicity-talk] Avoiding Password Exposure in ftpBackend
Date:	Wed, 19 Sep 2007 12:52:38 -0500
User-agent:	Thunderbird 1.5.0.13 (X11/20070824)

There is a very slight security risk in ftpBackend in that the password
is exposed in the NcFTP client commands.  If you feel up to installing a
new version of NcFTP from source, there is a patch in:

https://savannah.nongnu.org/patch/?6209

The patch fixes this problem for users of NcFTP version 3.2.1, the
current version of NcFTP.  I have tested with 3.1.9 and 3.2.0 and they
do not work with these semantics.  The semantics of the command line and
login.cfg file changed with each of the last three versions, but should
be stable beginning with 3.2.1.

...Thanks,
...Ken

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] Avoiding Password Exposure in ftpBackend, Kenneth Loafman <=
- [Duplicity-talk] Basic Usage Question, Mark Price, 2007/09/26
  - Re: [Duplicity-talk] Basic Usage Question, Kenneth Loafman, 2007/09/26

Prev by Date: [Duplicity-talk] Duplicity 0.4.4.RC1 Ready
Next by Date: [Duplicity-talk] Rate limiting?
Previous by thread: [Duplicity-talk] Duplicity 0.4.4.RC1 Ready
Next by thread: [Duplicity-talk] Basic Usage Question
Index(es):
- Date
- Thread