Site Manager password security
Posted: 2019-04-04 09:41
I am concerned that Filezilla stores site FTP URLs in the clear and the corresponding password in Base64 encoding in an unencrypted XML file, "sitemanager.xml". This applies even to sites using FTP over TLS. This to me is a potentially serious security breach because, if a person gains access to one's computer or even to a backup copy of this file, the security of access to all one's managed FTP sites would be compromised. This creates the possibility for a malicious person to use such file theft to insert malware into websites or even destroy them altogether.
I would like to suggest that the sitemanager.xml and other related files should be optionally securely encrypted and protected by a user-supplied password used each time the application is opened or maximised. Would the developers consider (or are they considering) such a proposal? Does such a facility exist unkown to me?
Best, Steve.
I would like to suggest that the sitemanager.xml and other related files should be optionally securely encrypted and protected by a user-supplied password used each time the application is opened or maximised. Would the developers consider (or are they considering) such a proposal? Does such a facility exist unkown to me?
Best, Steve.