home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Columbia Kermit
/
kermit.zip
/
newsgroups
/
misc.20010306-20010921
/
000085_news@columbia.edu _Thu Apr 26 18:15:38 2001.msg
< prev
next >
Wrap
Internet Message Format
|
2020-01-01
|
2KB
Return-Path: <news@columbia.edu>
Received: from newsmaster.cc.columbia.edu (newsmaster.cc.columbia.edu [128.59.59.30])
by monire.cc.columbia.edu (8.9.3/8.9.3) with ESMTP id SAA09520
for <kermit.misc@cpunix.cc.columbia.edu>; Thu, 26 Apr 2001 18:15:37 -0400 (EDT)
Received: (from news@localhost)
by newsmaster.cc.columbia.edu (8.9.3/8.9.3) id RAA07283
for kermit.misc@watsun.cc.columbia.edu; Thu, 26 Apr 2001 17:49:14 -0400 (EDT)
X-Authentication-Warning: newsmaster.cc.columbia.edu: news set sender to <news> using -f
From: fdc@columbia.edu (Frank da Cruz)
Subject: Re: copying a file to a ftp-server
Date: 26 Apr 2001 21:49:13 GMT
Organization: Columbia University
Message-ID: <9ca54p$73g$1@newsmaster.cc.columbia.edu>
To: kermit.misc@columbia.edu
In article <3AE89513.19D4DF4E@plustechnologies.com>,
Rich Gray <richNOgSPAM@plustechnologies.com> wrote:
: ...
: There can be a heck of a difference between getting a userid/password
: from a .netrc file or some other indirect source and specifiying
: directly on the command line. If you put it in on a command line, it
: can show up in ps! Talk about exposed!
:
That's true, of course, but at least in that case it's ephemeral.
If you put it in a file, it is open to snatching twenty-four/seven.
If your computer ID can be hacked into, it's best if you don't leave
the keys to all your other computer IDs sitting out in the open, in
a well-known place, for the hacker to pick up.
: A non-command line user:password
: is at least "secured" by file permissions. The cURL
: (http://curl.haxx.se) utility has the ability to take parameters from a
: file or standard input. I use it to do an ftp transfer by invoking it
: in a popen(), piping in parms I don't want to show up on the command
: line (like -u user:password) and letting things I want visible in ps go
: on the command line. I trust kermit has a similar capability?
:
Yes, Kermit can take commands from a file or standard input. It can also
ask you for the password at the point at which it needs it (and not echo
when you type it). In fact, the major benefit of the Kermit FTP client is
not so much that you can initiate transfers from the command line, but
that you can program complex FTP operations in portable scripts as
described here:
http://www.columbia.edu/kermit/ftpscript.html
- Frank