questions about the new FileZilla Server v.1.0.0
Moderator: Project members
-
- 504 Command not implemented
- Posts: 6
- Joined: 2008-07-23 22:47
- First name: werner
- Last name: meier
questions about the new FileZilla Server v.1.0.0
Hi,
is there any way to migrate the settings of the old 0.9.60 - installation to the latest 1.0.0?
Next i checked the content of C:\Users\BLA\AppData\Local\filezilla-server-gui\settings.xml
and what I saw is:
-------------snip----------------
<filezilla>
<!--Information about the FileZilla FTP servers to connect to.-->
<server>
<name>127.0.0.1</name>
<host>127.0.0.1</host>
<port>14148</port>
<password>CLEAR-TEXT-PASSWORD-HERE</password>
<fingerprint>bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla</fingerprint>
</server>
-------------snap----------------
And so my second question is just as follows: Why?!?
And the last one: Why is it not possible anymore to minimize the new admin-interface to system-tray?
thanks in advance
IQI
is there any way to migrate the settings of the old 0.9.60 - installation to the latest 1.0.0?
Next i checked the content of C:\Users\BLA\AppData\Local\filezilla-server-gui\settings.xml
and what I saw is:
-------------snip----------------
<filezilla>
<!--Information about the FileZilla FTP servers to connect to.-->
<server>
<name>127.0.0.1</name>
<host>127.0.0.1</host>
<port>14148</port>
<password>CLEAR-TEXT-PASSWORD-HERE</password>
<fingerprint>bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla:bla</fingerprint>
</server>
-------------snap----------------
And so my second question is just as follows: Why?!?
And the last one: Why is it not possible anymore to minimize the new admin-interface to system-tray?
thanks in advance
IQI
Re: questions about the new FileZilla Server v.1.0.0
This should already happen (for 0.9.60 servers installed by the standard installer). When I installed 1.0.0 (-rc1 back then), it did migrate the old settings.Hi,
is there any way to migrate the settings of the old 0.9.60 - installation to the latest 1.0.0?
Why not? That password is only used for connecting the admin interface to the server engine, and it's only ever stored on your user profile. No other user has access to it.And so my second question is just as follows: Why?!?
Because it's not implemented, yet, but planned.And the last one: Why is it not possible anymore to minimize the new admin-interface to system-tray?
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 504 Command not implemented
- Posts: 6
- Joined: 2008-07-23 22:47
- First name: werner
- Last name: meier
Re: questions about the new FileZilla Server v.1.0.0
Malware exists.Why not? That password is only used for connecting the admin interface to the server engine, and it's only ever stored on your user profile. No other user has access to it.
And malware loves such pre-defined file-locations where it can search for plain-text passwords in files.
The bad thing is not the fact that someone maybe getting access to the admin-interface. That is not a critical issue.
But what really make me worry about is the fact that not all users will generate a random exclusive admin-interface password.
Instead they will simply use one of their favourite 4-5 passwords and type them in. Let it be laziness or whatever.
Is it that difficult to make your program save it in a hashed or salted-hashed way - as other programs do?
Re: questions about the new FileZilla Server v.1.0.0
Unless you are doing any remote administration of the server, the password is optional. By default, it is blank.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: questions about the new FileZilla Server v.1.0.0
Hi,iqigravity wrote: ↑2021-09-14 22:08Is it that difficult to make your program save it in a hashed or salted-hashed way - as other programs do?
The password is saved hashed and salted, in the FileZilla Server settings (look at C:\Users\BLA\AppData\Local\filezilla-server\settings.xml), but the Administration UI must have access to a un-hashed and un-salted version of it to be able to transmit it over to the Server.
It could be encrypted, but you'd then need another password to unencrypt it at least when the Administration UI is started, which wouldn't be much less effort than just not saving the administration password in the first place.
Which takes us to another point: if you have reasons to believe that saving the admin password in clear in the Admin UI configuration file is not desired, you have the option to not save the password at all.
Mind you, that the old server administration behaved the same way.
Re: questions about the new FileZilla Server v.1.0.0
Small addendum: Most users will install the server as a system service. The settings for the service are stored elsewhere.
Code: Select all
C:\Windows\System32\config\systemprofile\AppData\Local\filezilla-server
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: questions about the new FileZilla Server v.1.0.0
You could employ the same mechanism used by FileZilla to obfuscate the password. Some users easily panic each time they see their passwords stored in clear text.
Since using obfuscation in FileZilla, no questions of that type have been asked, again.
Since using obfuscation in FileZilla, no questions of that type have been asked, again.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: questions about the new FileZilla Server v.1.0.0
It is already obfuscated with double-ROT13.