[ILUG] fetchmail security...
john at frontend.ie
Thu Jan 17 10:40:47 GMT 2002
On Thu, Jan 17, 2002 at 01:09:32AM +0000, kevin lyda wrote:
> dunno about anyone else, but passwords in plaintext in my .fetchmailrc
> have always bothered me.
From http://www.tuxedo.org/~esr/fetchmail/design-notes.html :
Password encryption in .fetchmailrc
The reason there's no facility to store passwords encrypted in the
.fetchmailrc file is because this doesn't actually add protection.
Anyone who's acquired the 0600 permissions needed to read your
.fetchmailrc file will be able to run fetchmail as you anyway -- and if
it's your password they're after, they'd be able to rip the necessary
decoder out of the fetchmail code itself to get it.
I like that boulder . . . that is a nice boulder
More information about the ILUG