On 17 Aug 01, at 0:08, [EMAIL PROTECTED] wrote:
Not that I particularly want to turn this thread into a debate about unix
security, but...
> Anyone with a clue doesn't use /etc/passwd anymore *shadow password file*,
> so thats kind of depreciated...
While this is true a great deal of damage can still be started with access
to your passwd file - gaining access to this file will, at the very least,
disclose a list of valid system users, their home directory and default
shell. This sort of information is useful when it comes to compromising a
system - just imagine the circumstance where someone has development
work sitting in their home directory - you now know the home directory.
Of course, security through obscurity is never a valid approach but it's
also worth trying to avoid the more obvious stuff if you can.
CYA, Dave
-----------------------------------------------------------------------
Outback Queensland Internet - Longreach, Outback Queensland - Australia
http://www.outbackqld.net.au mailto:[EMAIL PROTECTED]
-----------------------------------------------------------------------
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
