LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
Reload this Page Is using wput unsecured?
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 05-01-2013, 03:34 AM   #1
patrick295767
Member
 
Registered: Feb 2006
Distribution: FreeBSD, Linux, Slackware, LFS, Gparted
Posts: 664

Rep: Reputation: 138Reputation: 138
Is using wput unsecured?

Hi,

I was mentioning to a colleague to avoid using wput. Isnt it unsecured also into a command line?

example:
Quote:
http://www.cs.rutgers.edu/~watrous/user-pass-url.html

This is unadvisable for several reasons. The URL being opened may be determinable by other users on the same machine on which you are browsing (as from a command line).
Greetings
 
Old 05-01-2013, 05:46 AM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065
Providing your identification in plain text isn't a real good idea (for the reasons explained in the link).

If you want security -- and why wouldn't you want security -- scp is a significantly better way to do so.

Hope this helps some.
 
Old 05-01-2013, 07:05 AM   #3
ruario
Senior Member
 
Registered: Jan 2011
Location: Oslo, Norway
Distribution: Slackware
Posts: 2,557

Rep: Reputation: 1762Reputation: 1762Reputation: 1762Reputation: 1762Reputation: 1762Reputation: 1762Reputation: 1762Reputation: 1762Reputation: 1762Reputation: 1762Reputation: 1762
He may not be able to use scp, depending on if he is controlling the host he is uploading to but of course point is generally valid. Where possible scp is certainly a much safer plan.

Assuming you have to use ftp at least consider using cURL, since this will hide the password from a ps command run by another user on the same system. IIRC wput will not do this, so a well timed 'ps aux' by someone else on the same system will allow them to snoop the password.

EDIT: Read this for more information on cURL hiding passwords from other users on a system.
Last edited by ruario; 05-01-2013 at 07:16 AM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Wput script ceantuco Linux - Newbie 8 03-12-2012 09:52 AM
wput not uploading whiteghetto Linux - Software 0 08-22-2008 12:59 PM
wput and anonymous FTP whiteghetto Linux - Software 1 08-19-2008 02:43 PM
vsftpd and wput mnotgninnep Debian 8 03-07-2006 05:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 09:05 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration