LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   Is using wput unsecured? (http://www.linuxquestions.org/questions/linux-general-1/is-using-wput-unsecured-4175460256/)

patrick295767 05-01-2013 03:34 AM

Is using wput unsecured?
 
Hi,

I was mentioning to a colleague to avoid using wput. Isnt it unsecured also into a command line?

example:
Quote:

http://www.cs.rutgers.edu/~watrous/user-pass-url.html

This is unadvisable for several reasons. The URL being opened may be determinable by other users on the same machine on which you are browsing (as from a command line).
Greetings

tronayne 05-01-2013 05:46 AM

Providing your identification in plain text isn't a real good idea (for the reasons explained in the link).

If you want security -- and why wouldn't you want security -- scp is a significantly better way to do so.

Hope this helps some.

ruario 05-01-2013 07:05 AM

He may not be able to use scp, depending on if he is controlling the host he is uploading to but of course point is generally valid. Where possible scp is certainly a much safer plan.

Assuming you have to use ftp at least consider using cURL, since this will hide the password from a ps command run by another user on the same system. IIRC wput will not do this, so a well timed 'ps aux' by someone else on the same system will allow them to snoop the password.

EDIT: Read this for more information on cURL hiding passwords from other users on a system.


All times are GMT -5. The time now is 10:04 AM.