On 17 Aug 01, at 0:08, [EMAIL PROTECTED] wrote:

Not that I particularly want to turn this thread into a debate about unix 
security, but...

> Anyone with a clue doesn't use /etc/passwd anymore *shadow password file*,
> so thats kind of depreciated...

While this is true a great deal of damage can still be started with access 
to your passwd file - gaining access to this file will, at the very least, 
disclose a list of valid system users, their home directory and default 
shell.  This sort of information is useful when it comes to compromising a 
system - just imagine the circumstance where someone has development 
work sitting in their home directory - you now know the home directory.

Of course, security through obscurity is never a valid approach but it's 
also worth trying to avoid the more obvious stuff if you can.

CYA, Dave

Outback Queensland Internet - Longreach, Outback Queensland - Australia
http://www.outbackqld.net.au          mailto:[EMAIL PROTECTED]

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to