mc security exposure

Using the FTP feature of mc shows the password in the file transfer
screen.  See snippet below (sorry, the ASCII art didn't transfer well):

lqqqqqqqqqqqqqqqqqqqqqqqqqqq Copy qqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Copy 4 files with source mask:                             x
x *                                                      [^] x
x                                   [x] Using shell patterns x
x to:                                                        x
x /#ftp:mylogin:mypasswd georgetoft com/httpdocs/tautog  [^] x
x [ ] follow Links            [ ] Dive into subdir if exists x
x [x] preserve Attributes                [ ] Stable Symlinks x
x           [< Ok >]   [ Background ]   [ Cancel ]           x
x                                                            x

(I edited my username and password for obvious reasons.)

I feel this is an exposure that need not exist.  If mc is
being used in a demonstration, or when people are around,
the initial logon can be shielded from view, but when transferring
many files, this is not practical.

MC Data
OS: Linux (SuSE 7.3)

mc -V:
The Midnight Commander 4.5.54
Edition: text mode
Virtual File System: tarfs, extfs, ftpfs, mcfs, undelfs
With builtin Editor
Using S-lang library with terminfo database
With subshell support: as default
with mouse support on xterm and the Linux console.
Using locale "en_US" (from environment variable LANG)



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]