I installed Filezilla Server (latest version, Windows XP) and set the administrator password. After doing this I set up a single user account. I tried to set the password for this account. The Administrator says the settings have been saved, but when I look at the password field again it contains a very long (about 30 characters) password, which is not the one I set (which was about 10 characters). Obviously since I don't know this password I can't use the account and filezilla server. I had filezilla server working briefly before but now it does this all the time. I have tried re-installing.
This seems like a very basic problem so I'm sorry if someone has already mentioned it somewhere or if there is an obvious solution.
Can't set password in Filezilla Server
Moderator: Project members
-
kingmonkey
- 500 Command not understood
- Posts: 2
- Joined: 2006-06-05 14:31
Err, did you actually try to CONNECT to your server with that account?
FZS does *NOT* alter your password in any way. The reason why it seems to change is simple: FZS doesn't save your password in plaintext, it saves a MD5 hash of the password. If you peek at your settings again, all you're seeing is the length of the stored hash, which is 32 bytes (you see 32 asterisks). Your password does work (it never failed for me).
Actually I find that feature very good, intended or not. Nobody can derive your password from it's length. It always shows 32 chars. I would keep it that way.
boco
P.S. In case I'm wrong, someone correct me. And... sorry for bad English.
FZS does *NOT* alter your password in any way. The reason why it seems to change is simple: FZS doesn't save your password in plaintext, it saves a MD5 hash of the password. If you peek at your settings again, all you're seeing is the length of the stored hash, which is 32 bytes (you see 32 asterisks). Your password does work (it never failed for me).
Actually I find that feature very good, intended or not. Nobody can derive your password from it's length. It always shows 32 chars. I would keep it that way.
boco
P.S. In case I'm wrong, someone correct me. And... sorry for bad English.
-
kingmonkey
- 500 Command not understood
- Posts: 2
- Joined: 2006-06-05 14:31
Ah - sorry for the dumb question. I had tried to connect but I must have typed in the password wrong and I didn't try again because I thought the password hadn't been set propertly. Actually it must have been working fine. Thanks for explaining that.
Personally, I think the the number of stars in the password field is a bug, not a feature, because it is conventional for the number of stars to reflect the lengh of the password. Also, I don't know why you want to hide the user password in the administrator as anyone who is using the administrator can simply reset the user password without knowing the current user password. Still, this is not important to me now and in general it's a great program.
Personally, I think the the number of stars in the password field is a bug, not a feature, because it is conventional for the number of stars to reflect the lengh of the password. Also, I don't know why you want to hide the user password in the administrator as anyone who is using the administrator can simply reset the user password without knowing the current user password. Still, this is not important to me now and in general it's a great program.
It's part of the security requirements that MD5 is fulfilling. An "administrator" can reset a password at will, but should never know what the actual password is that the "user" has set. Obsecuring the actual length of the password is part of "protecting" the user's password strategy (yes, even from the "administrator").
Microsoft MVP (2004 through 2008)