On Dec 3, 2007 12:56 PM, thomas wrote:
>
> > since the cracker will only need to
> > get two values from vim's memory instead of one. Am I missing
> > something?
>
> This assumes an attack that is specifically targeted at an individual
> vim user using a specific version of the netrw plugin. This isn't the
> most likely scenario though. (Depending on your workplace maybe.)
1. I daresay that most attacks are specific to a particular version of a
piece of software.
2. This entire discussion seems to be based upon an attack targeted
at an individual vim user and a particular piece of software.
3. This entire discussion seems to basically be a moot point since
any cracker worth his salt would just be sniffing the network...
FTP transmits passwords in plaintext; security in how netrw
handles the passwords seems to be a rather moot point to me.
~Matt
--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
