Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Amanda vs Homegrown

2005-04-21 09:08:06
Subject: RE: Amanda vs Homegrown
From: "Mark Lidstone" <mark.lidstone AT bmtseatech.co DOT uk>
To: <amanda-users AT amanda DOT org>
Date: Thu, 21 Apr 2005 13:52:51 +0100 
Hi Mitch,

Good point - I think I got sidetracked while I was writing that bit.

The security risk I originally meant to point out is related to the
r-commands accounts setup (password-less remote login as another user).
You can still use that to argue your point to the customer though.

Thanks,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122         
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:mark.lidstone AT bmtseatech.co DOT uk
Website: www.bmtseatech.co.uk
========================================================================
==
Confidentiality Notice and Disclaimer: 
The contents of this e-mail and any attachments are intended only for
the
use of the e-mail addressee(s) shown. If you are not that person, or one
of those persons, you are not allowed to take any action based upon it
or
to copy it, forward, distribute or disclose the contents of it and you
should please delete it from your system. BMT SeaTech Limited does not
accept liability for any errors or omissions in the context of this
e-mail
or its attachments which arise as a result of Internet transmission, nor
accept liability for statements which are those of the author and not
clearly made on behalf of BMT SeaTech Limited.
========================================================================
==
  

-----Original Message-----
From: Mitch Collinsworth [mailto:mitch AT ccmr.cornell DOT edu] 
Sent: 21 April 2005 13:04
To: Mark Lidstone
Cc: amanda-users AT amanda DOT org
Subject: RE: Amanda vs Homegrown



On Thu, 21 Apr 2005, Mark Lidstone wrote:

> It would still be worth pointing out what a huge security risk the rcp

> command is, and if they insist on using their scripts at least get 
> them to remove the r* accounts setup stuff and use something like 
> rsync over an encrypted channel (why bother protecting the file on the

> disk if you're going to potentially transfer it in plain text over the

> network).

So have you modified amanda to encrypt your network transfers? It
doesn't do that out of the box you know.

-Mitch
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Amanda vs Homegrown, Mitch Collinsworth
Next by Date:  Re: Amanda vs Homegrown, Peter Mueller
Previous by Thread:  Re: Amanda vs Homegrown, Paddy Sreenivasan
Next by Thread:  amanda-2.4.5 released, Jean-Louis Martineau
Indexes:  [Date] [Thread] [Top] [All Lists]