[issue14984] netrc module allows read of non-secured .netrc file
bruno Piguet
report at bugs.python.org
Wed Oct 9 23:11:33 CEST 2013
bruno Piguet added the comment:
I apologise for coming back to this issue lately, after its closing.
I must have misconfigured something in my tracking system.
Thank-you everybody for the work done, especiallly the careful handling and documenting of the case "only if password is present in file". I recognise my proposed patch was a bit flacky.
However, I don't get the rationale behind the restriction to the sole case where the file is the default .netrc ?
If a clear text password is exposed in any file, it is also a security problem, isn't it ? This specific file might be more difficult to find for an attacker, but not impossible.
Feel free to redirect this discussion to some other place if you want to keep this issue close and still.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14984>
_______________________________________
More information about the Python-bugs-list
mailing list