Security
Moderator: Project members
-
- 500 Command not understood
- Posts: 2
- Joined: 2013-02-28 15:48
- First name: Hans
Security
FielZilla creates a folder unter user->appdata->roaming. In this folder there is a file called sitemanager.xml und here I see my password in clear text. A hacker (or trojaner) on my PC can use this password and can overwrite my websites!
Please change this.
Thanks and best wishes,
Hans
Please change this.
Thanks and best wishes,
Hans
Re: Security
And? Even if no passwords are stored, a hacker (or trojaner) on your PC can get your passwords the moment you enter them. You need to prevent infection in the first place.
Re: Security
Once a hacker (or trojaner) gets onto your PC it's too late already.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 2
- Joined: 2013-02-28 15:48
- First name: Hans
Re: Security
--------botg wrote:And? Even if no passwords are stored, a hacker (or trojaner) on your PC can get your passwords the moment you enter them. You need to prevent infection in the first place.
That's obvious. But many trojaner are not recognized in the first step and some ar so sophisticated that they never will be detected. I think the FileZilla programmers should encrypt the password on this file.
Re: Security
And you really think such a sophisticated trojan will be stopped by a simple obfuscation in the settings file?
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 3
- Joined: 2013-03-12 11:32
- First name: Lion
- Last name: MSGSYSTEMS
Re: Security
how about crypting passwort by using a master password which is set by the user and is NOT stored at all ?! + private FileZilla password to make the master password secure even if it is not that long..?
@botg when i use ssl/FTPS[...] and the password is stored in file zilla in a secure way he would get nothing, even with a trojan on the PC...
think befor you post...
@botg when i use ssl/FTPS[...] and the password is stored in file zilla in a secure way he would get nothing, even with a trojan on the PC...
think befor you post...
Re: Security
Wrong. In order for a password to be sent to the server it has to be decrypted in memory on that machine first. FTP over TLS/SSL only protects against man-in-the-middle-attacks, it provides no endpoint protection. Malware on a machine is able to do anything the user account it runs under is. FileZilla runs under your user account. As soon as the passwords are entered or decrypted the malware grabs them from memory. Easy as pie.
Any system that has or had a malware on it must be regarded as being compromised!
Any system that has or had a malware on it must be regarded as being compromised!
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
- kachi
- 500 Command not understood
- Posts: 1
- Joined: 2013-03-23 12:02
- First name: Onyekachi
- Last name: Ogbonna
- Location: Nigeria
Re: Security
You have to protect Hackers from entering your PC,just as you have said that your "password is open and clear" even if it is encrypted, they can decrypt it once they find their way into your database.
Regards,
Kachi
Kachi
-
- 500 Command not understood
- Posts: 2
- Joined: 2013-03-26 12:37
Re: Security
But having some sort of encrypted password would make it just that little big more difficult, don't you think?boco wrote:And you really think such a sophisticated trojan will be stopped by a simple obfuscation in the settings file?
Re: Security
No, it would not. Imagine you're a computer. You can do billions of operations per second. To circumvent a simple obfuscation is a matter of milliseconds, if not faster.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org