LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 05-01-2013, 03:34 AM   #1
patrick295767
Member
 
Registered: Feb 2006
Distribution: Debian
Posts: 275

Rep: Reputation: 39
Is using wput unsecured?


Hi,

I was mentioning to a colleague to avoid using wput. Isnt it unsecured also into a command line?

example:
Quote:
http://www.cs.rutgers.edu/~watrous/user-pass-url.html

This is unadvisable for several reasons. The URL being opened may be determinable by other users on the same machine on which you are browsing (as from a command line).
Greetings
 
Old 05-01-2013, 05:46 AM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,075

Rep: Reputation: 777Reputation: 777Reputation: 777Reputation: 777Reputation: 777Reputation: 777Reputation: 777
Providing your identification in plain text isn't a real good idea (for the reasons explained in the link).

If you want security -- and why wouldn't you want security -- scp is a significantly better way to do so.

Hope this helps some.
 
Old 05-01-2013, 07:05 AM   #3
ruario
Senior Member
 
Registered: Jan 2011
Location: Oslo, Norway
Distribution: Slackware
Posts: 1,866

Rep: Reputation: 884Reputation: 884Reputation: 884Reputation: 884Reputation: 884Reputation: 884Reputation: 884
He may not be able to use scp, depending on if he is controlling the host he is uploading to but of course point is generally valid. Where possible scp is certainly a much safer plan.

Assuming you have to use ftp at least consider using cURL, since this will hide the password from a ps command run by another user on the same system. IIRC wput will not do this, so a well timed 'ps aux' by someone else on the same system will allow them to snoop the password.

EDIT: Read this for more information on cURL hiding passwords from other users on a system.

Last edited by ruario; 05-01-2013 at 07:16 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Wput script ceantuco Linux - Newbie 8 03-12-2012 09:52 AM
wput not uploading whiteghetto Linux - Software 0 08-22-2008 12:59 PM
wput and anonymous FTP whiteghetto Linux - Software 1 08-19-2008 02:43 PM
vsftpd and wput mnotgninnep Debian 8 03-07-2006 05:06 PM


All times are GMT -5. The time now is 12:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration