Number: 773

Date: 19-Apr-84 21':04':44

Submitter: le.pasa

Source:  Martin.pasa

Subject: Password shows up in backtrace of FTPSERVER.

Assigned To: 

Attn: vanMelle.pa

Status: Open

In/By: 

Problem Type: Design - Impl

Impact: Serious

Difficulty: Hard

Frequency: Everytime

Priority: Perhaps

System: Communications

Subsystem: Lisp Servers

Machine: 

Disk: 

Lisp Version: 

Source Files: 

Microcode Version: 

Memory Size: 

File Server: 

Server Software Version: 

Disposition: 

Description: '
FTPserver is running on machine A and user is retrieving file onto machine B.  If user A on machine A does a BTV of FTPSERVER inside of the PSW, user B''s password shows up in COPYBYTES arg PLIST.'
'
[bvm': It is hard to bulletproof the server.  User B''s password is being sent to machine A.  A determined user of machine A could intercept that password no matter what I do.  About all I can do is make it less easy to see the password, especially accidentally.]'


Workaround: 

Test Case: 

Edit-By: Sannella.PA

Edit-Date: 19-Apr-84 15':40':22