On Sun, 19 Jun 2011 12:14:50 -0500 Tim ignored_mailbox@yahoo.com.au wrote:
Tim:
But why? One of the main points of scripting is automation.
Ranjan Maitra:
Yes, but then it gets hardcoded in your .fetchmailrc file in plain text. Is that desirable?
Who else gets to see *your* .fetchmailrc file? In the normal run of things, these days, your homespace isn't accessible to other users, neither are the files in it. If it is, then you've got plenty of other security concerns to worry about.
I guess I worry that there is always the chance that the account may be broken into and compromised.....
And if you're not using an encrypted connection, your password is (often) transmitted in clear text, anyway. That's far more susceptible to snooping than a file stored on your computer. Likewise with various other /rather dumb/ authentication protocols.
I use ssl. Not sure if that takes into account your concerns, but in any case, the one-time transmittal (in clear text if so, though doubtful) seems to me may be a tad bit less worrisome than passwords (assuredly clear-text) in an omnipresent .fetchmailrc.
I would rather have it prompt for the few times I have to initiate the process....
Well, as I said, try it and see what happens.
Not clear how this pertains to my response.
You asked in your earlier e-mailed response (to someone else) why one would choose to not include the password in clear text in the .fetchmailrc. I wrote one possible reasoning which is also my concern. Unfortunately, I am not sure that your response indicates that my concerns are not valid.
Of course, as is the beauty of linux, to each his own...
Ranjan