Rick Hawkins wrote: > > > already knows the names of these files. On a Debian 1.3 machine, > > which uses shadow passwords, essentially the only thing that would be > > of use for people would be files in your home directory. And since > > there are no predictable patterns for these files, it would be > > difficult to construct a web page that would cause serious harm. > > what about .login or .cshrc? these seem like prime candidates for > mischief?
How about ~/.ssh/identity? Of course security minded people will require a password to decrypt their personal ssh identity... And as far as ssh falling back to .rhosts or rlogin, sshd can be (and should be IMHO) configured to do neither. Behan -- Behan Webster mailto:[EMAIL PROTECTED] +1-613-224-7547 http://www.verisim.com/ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
