I agree that for the bookmarks encryption should be considered for the
case where you don't trust root.
But the .netrc file is a much better alternative than passing the
password on the command line (saved in the running processes readable by
any user, and stored in the history file) for automated scripts, in the
current version of lftp.
Franck
On 14/06/2011 11:21, David Bruyer wrote:
Hi,
Passwords stored in the .netrc file are in plain text. And ROOT can
access it.
I think the best way to secure the password is to encrypt it.
Cordialement,
_____________
David BRUYER
2011/6/14 Franck Eyraud <franck.eyr...@jrc.ec.europa.eu
<mailto:franck.eyr...@jrc.ec.europa.eu>>
Hi Juan,
I use the ~/.netrc file with which lftp is compatible.
http://www.mavetju.org/unix/netrc.php
If you mind to set permissions on this file on 600, then no one
else can read this file.
And this is the way I use for automated download with lftp.
Regards,
Franck
On 13/06/2011 13:11, Juan Simón wrote:
Hi,
In the last version of lftp was supressed the output of password
to log but it still shows this sensible info in other places:
I connect to my FTP with this command: "lftp -u <user>,<password>
<server>" and when I execute history I see the password, if I
press key <up> I see the password, if I execute debug it shows
the password too.
This info should be always invisible.
By other side, is there a way to automate FTP connection without
entering the password in plain text?
Regards.
--
Franck Eyraud
European Commission - Joint Research Centre
Institute for Environment and Sustainability
MARS Unit - Community Image Data Portal
TP 266, Via E. Fermi 2749, I-21027 Ispra (VA), Italy
Tel: +39/ 0332 78 9486 Fax: +39 0332 78 5162
--
Franck Eyraud
European Commission - Joint Research Centre
Institute for Environment and Sustainability
MARS Unit - Community Image Data Portal
TP 266, Via E. Fermi 2749, I-21027 Ispra (VA), Italy
Tel: +39 0332 78 9486 Fax: +39 0332 78 5162
