Re: Password visibility in the client command line
1997-01-20 12:16:38
Subject: |
Re: Password visibility in the client command line |
From: |
James Purdon <james_purdon AT MERCK DOT COM> |
Date: |
Mon, 20 Jan 1997 12:16:38 -0500 |
Hi,
The security risk of ADSM password exposure by ps is as follows:
Knowing the password of a node allows you to spoof the node,
and extract any file you want.
Say I have an account on host AIXbox, which has files that I cannot
access but is backed up by dsmc -password=whatever. I can use the
NODENAME AIXbox option to rename a host which I do control and use
the password to complete the spoof! I then get access to all the
files on AIX box.
We use the "Passwordacces generate" option to avoid this problem (which
causes other problems that we have decided to live with). It would be
nice if there was a dsmc internal command to specify the password (not
"set password", which changes it).
Jim
|
|
|