[_] Saving FTP details securely

David Darke david at atomicsmash.co.uk
Thu May 23 15:19:23 BST 2013

Thanks Tim, very helpful.

Dave.



---

Atomic Smash Ltd
Unit 1.6
Temple Studios
Temple Meads
Bristol BS1 6QS

w: http://www.atomicsmash.co.uk
e: david at atomicsmash.co.uk
t: 07525031748

Registered Company Number - 8174878 | VAT Number - 144 3079 25

On 23 May 2013, at 15:09, Tim Wintle wrote:

> On Thu, 2013-05-23 at 15:00 +0100, David Darke wrote:
>> Hi Tim,
>> 
>> That's very clearly explained. I have a couple of questions.
>> 
>> So all the details are stored in ftp_credentials.json in Host A. Presumably having the "ftp_credentials.json owned by "secureuser" with group and anonymous reads disabled." Does this mean if a hacker got into the filesystem, it's relatively safe?
> 
> Yes - as long as they didn't get root..
> 
> The intruder could still sniff the credentials if they could sniff
> packets from the NIC (as FTP isn't hugely secure) - but that also
> requires root IIRC.
> 
> This is how "passwd" and "crontab" work - they are owned by root with
> the SUID bit set. The applications are run by any user, but can edit any
> file that root can access (so security is down to the application).
> 
> Tim
> 
> 
> -- 
> underscore_ list info/archive -> http://www.under-score.org.uk/mailman/listinfo/underscore
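
The ownership-and-mode arrangement discussed in this thread can also be enforced by the program that reads the file. This is an added example, not code from the thread: it refuses to load `ftp_credentials.json` unless the file is a regular file owned by the expected user with no group or other permission bits. The function and exception names, the JSON keys and the sample values are assumptions, and it assumes a POSIX system.

```python
import json
import os
import stat
import tempfile


class InsecureCredentialsFile(Exception):
    """Raised when the file's owner or mode would let other users read it."""


def load_credentials(path, expected_uid):
    # Open first, then fstat the descriptor, so the checks apply to the file
    # actually read (no window between check and open). O_NOFOLLOW refuses a
    # symlink at the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise InsecureCredentialsFile("not a regular file")
        if st.st_uid != expected_uid:
            raise InsecureCredentialsFile(f"owned by uid {st.st_uid}")
        # 0o077 covers read/write/execute for group and others.
        if st.st_mode & 0o077:
            mode = stat.S_IMODE(st.st_mode)
            raise InsecureCredentialsFile(f"mode {mode:04o} is too open")
        with os.fdopen(fd, "r") as fh:
            fd = None  # fdopen now owns the descriptor
            return json.load(fh)
    finally:
        if fd is not None:
            os.close(fd)


def demo():
    # Constructed sample data; the key names and values are assumptions.
    sample = {"host": "ftp.example.com", "user": "deploy", "password": "x"}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ftp_credentials.json")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump(sample, fh)
        ok = load_credentials(path, os.getuid())
        os.chmod(path, 0o644)  # re-enable group and other reads
        try:
            load_credentials(path, os.getuid())
            rejected = False
        except InsecureCredentialsFile:
            rejected = True
        return ok, rejected
```

Calling `demo()` returns the parsed credentials for the `0600` file and `True` for the rejection once the mode is loosened to `0644`. As the thread notes, none of this protects against a user who has root.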