
Re: Just learned that FileZilla stores passwords in clear text

Posted: 2013-08-15 19:17
by ftanner
njpsolid wrote: It's safe using FileZilla. That is why you have preferences. You can quickly clear your user cPanel details using the Quickconnect. I don't see why this is an issue.
This is an issue because it goes against every basic security principle out there.

Re: Just learned that FileZilla stores passwords in clear text

Posted: 2021-07-08 15:17
by JohnBentley
Tim Kosse, it seems that over time you've come to see the wisdom in providing the ability to encrypt site specific passwords, with your Master Password feature. As mentioned, for example, in Site Manager password security.

With Master password enabled (Edit > Settings > Interface > Passwords >) I see (on Windows for example) in C:\Users\John\AppData\Roaming\FileZilla\sitemanager.xml values like ...

Code:

<Pass encoding="crypt" pubkey="[long length of random characters]">[long length of random characters, presumably the private key]</Pass>
Presumably an attacker getting access to sitemanager.xml couldn't use the public key and private key to decode an FTP site's password, without also being in possession of the Master Password. Is that right?
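
Added example, not part of the original thread and not FileZilla's own code: a Python audit of a sitemanager.xml that reports, per site, whether the stored <Pass> value is in the encoding="crypt" form quoted above, without ever printing the stored value. The FileZilla3/Servers/Server layout, the Host and User elements, and the base64 and attribute-less cases are assumptions beyond what the thread shows; the sample file is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only the "crypt" form is quoted in the thread; the
# element layout and the other two <Pass> forms are assumptions.
SAMPLE = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.test</Host><User>alice</User>
      <Pass encoding="crypt" pubkey="PLACEHOLDER-PUBKEY">PLACEHOLDER-VALUE</Pass>
    </Server>
    <Server>
      <Host>legacy.example.test</Host><User>bob</User>
      <Pass encoding="base64">bm90LWEtcmVhbC1wYXNzd29yZA==</Pass>
    </Server>
    <Server>
      <Host>old.example.test</Host><User>carol</User>
      <Pass>not-a-real-password</Pass>
    </Server>
    <Server>
      <Host>ask.example.test</Host><User>dave</User>
    </Server>
  </Servers>
</FileZilla3>"""

def classify(pass_el):
    """Return how a <Pass> element is protected at rest."""
    if pass_el is None or not (pass_el.text or "").strip():
        return "none-stored"
    enc = pass_el.get("encoding")
    if enc == "crypt":
        # A crypt entry without a pubkey attribute is flagged as malformed.
        return "master-password" if pass_el.get("pubkey") else "malformed-crypt"
    if enc == "base64":
        return "encoded-only"  # reversible without any secret
    return "plaintext" if enc is None else "unknown:" + enc

def audit(xml_text):
    """List (host, user, protection) per <Server>; never emits the secret."""
    root = ET.fromstring(xml_text)
    return [(s.findtext("Host", ""), s.findtext("User", ""), classify(s.find("Pass")))
            for s in root.iter("Server")]

def unprotected(xml_text):
    """Hosts whose stored password does not depend on the Master Password."""
    return [h for h, _, p in audit(xml_text) if p in ("encoded-only", "plaintext")]

if __name__ == "__main__":
    for host, user, protection in audit(SAMPLE):
        print(f"{host:22} {user:8} {protection}")
```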