Re: mc security exposure



Hi!

Symptom
Using the FTP feature of mc shows the password in the file transfer
screen.  See snippet below (sorry, the ASCII art didn't transfer well):

lqqqqqqqqqqqqqqqqqqqqqqqqqqq Copy qqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Copy 4 files with source mask:                             x
x *                                                      [^] x
x                                   [x] Using shell patterns x
x to:                                                        x
x /#ftp:mylogin:mypasswd georgetoft com/httpdocs/tautog  [^] x
x [ ] follow Links            [ ] Dive into subdir if exists x
x [x] preserve Attributes                [ ] Stable Symlinks x
x           [< Ok >]   [ Background ]   [ Cancel ]           x
x                                                            x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

(I edited my username and password for obvious reasons.)

That's okay... You might want to change username/password at this
point.

cd has some ugly code for handling passwords and not displaying them in
panels... It is probably bad idea to add more hacks to copy dialog.

                                                                Pavel
-- 
Philips Velo 1: 1"x4"x8", 300gram, 60, 12MB, 40bogomips, linux, mutt,
details at http://atrey.karlin.mff.cuni.cz/~pavel/velo/index.html.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]