updated filezilla and then server got compromised
Moderator: Project members
Re: updated filezilla and then server got compromised
You can disable saving of passwords in the settings dialog of FileZilla if you do not wish to store passwords.
-
ftanner
- 503 Bad sequence of commands
- Posts: 20
- Joined: 2013-08-07 16:17
- First name: Frank
- Last name: Tanner
Re: updated filezilla and then server got compromised
Your logic is like saying, "Why put locks on my house or car because someone can throw a rock through a window and get in."botg wrote:You can disable saving of passwords in the settings dialog of FileZilla if you do not wish to store passwords.
Re: updated filezilla and then server got compromised
Exactly the opposite. My stance is that you need to protect your home, then you don't have to wrap all your tableware in bubblewrap. However if you let a crazed elephant in musth into your home, then not even the bubble wrap will help.
-
ftanner
- 503 Bad sequence of commands
- Posts: 20
- Joined: 2013-08-07 16:17
- First name: Frank
- Last name: Tanner
Re: updated filezilla and then server got compromised
Yours is a flawed analogy...botg wrote:Exactly the opposite. My stance is that you need to protect your home, then you don't have to wrap all your tableware in bubblewrap. However if you let a crazed elephant in musth into your home, then not even the bubble wrap will help.
Despite having door locks, someone can put a rock through your window and steal your possessions. THAT is the correct analogy.
Someone can have a secured system and STILL be compromised through a buggy app, such as a web browser. THIS is why your password file should be encrypted. Security through LAYERS.
Why don't you just admit it and say that you don't give a shit about the users of your software. Because if you did, encrypting the password file as an ADDED layer of security is trivial and you would implement it. putty has it. Keepass has it. Linux has it. Firefox has it. Chrome has it. Even Internet Explorer has it. Just about every other piece of software on the planet that stores passwords has it. Your software doesn't have it.
You're spending more time arguing why it's not your concern than it would actually take to implement it to make people happy. That is the telling action about your feelings towards the users of your software.
Re: updated filezilla and then server got compromised
So why are you using cheap glass that breaks with the first stone?
-
ftanner
- 503 Bad sequence of commands
- Posts: 20
- Joined: 2013-08-07 16:17
- First name: Frank
- Last name: Tanner
Re: updated filezilla and then server got compromised
Really??botg wrote:So why are you using cheap glass that breaks with the first stone?
That's your answer??
I'm done with this conversation. You're being willfully stupid. I say stupid rather than ignorant because ignorance can be solved, usually by education. Stupid is intentional.
You *KNOW* that people don't like you saving the password file in an unencrypted format. You *KNOW* that it is trivial to solve that. You *KNOW* that other Open Source and Closed Source projects don't save their password files in an unencrypted format. Yet you intentionally *CHOOSE* to do nothing about it.
That, my friend, is the textbook definition of stupid.
Re: updated filezilla and then server got compromised
I know, that's why you can disable saving of passwords in the settings dialog of FileZilla.You *KNOW* that people don't like you saving the password file in an unencrypted format