I am concerned that FileZilla stores site FTP URLs in the clear and the corresponding password in Base64 encoding in an unencrypted XML file, "sitemanager.xml". This applies even to sites using FTP over TLS. This to me is a potentially serious security breach because, if a person gains access to one's computer or even to a backup copy of this file, the security of access to all one's managed FTP sites would be compromised. This creates the possibility for a malicious person to use such file theft to insert malware into websites or even destroy them altogether.
I would like to suggest that the sitemanager.xml and other related files should be optionally securely encrypted and protected by a user-supplied password used each time the application is opened or maximised. Would the developers consider (or are they considering) such a proposal? Does such a facility exist unknown to me?
Best, Steve.
Site Manager password security
Moderator: Project members
- 500 Command not understood
- Posts: 1
- Joined: 2019-04-04 09:28
- First name: Steve
- Last name: Appleton
Re: Site Manager password security
You can configure a master password in the settings dialog.
Re: Site Manager password security
Note that if an attacker indeed gets full access to your machine, your problems are far worse than just lost FileZilla passwords. That's really a worst case scenario.
Another note: Please, remember your master password well. FileZilla does not have any recovery backdoor and if you forget the master password, all login data is gone.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
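An added example, not part of the thread and not FileZilla's own code: a small audit that reports which saved sites in a sitemanager.xml still hold a recoverable password, without printing or decoding any secret. The element layout, the `encoding="crypt"` marking for entries protected by a master password, and the handling of a `Pass` element with no encoding attribute are assumptions about the file format; the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed sitemanager.xml layout; all values are made up.
SAMPLE = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.org</Host>
      <Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass>
      <Name>Example site</Name>
    </Server>
    <Folder>Clients
      <Server>
        <Host>files.example.net</Host>
        <Pass encoding="crypt" pubkey="PLACEHOLDER">PLACEHOLDER</Pass>
        <Name>Protected site</Name>
      </Server>
    </Folder>
    <Server>
      <Host>legacy.example.com</Host>
      <Pass>constructed-value</Pass>
      <Name>Old entry</Name>
    </Server>
  </Servers>
</FileZilla3>"""

def audit_sitemanager(xml_text):
    """Return (site name, host, status) per saved site, never the secret itself."""
    findings = []
    # iter() walks nested <Folder> elements too, so grouped sites are not missed.
    for server in ET.fromstring(xml_text).iter("Server"):
        name = (server.findtext("Name") or "").strip()
        host = (server.findtext("Host") or "").strip()
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            status = "no stored password"
        elif pw.get("encoding") == "crypt":
            status = "encrypted"
        elif pw.get("encoding") == "base64":
            status = "recoverable (base64)"
        else:
            # Assumption: no encoding attribute means the value is stored as-is.
            status = "recoverable (unencoded)"
        findings.append((name, host, status))
    return findings

def exposed(xml_text):
    return [f for f in audit_sitemanager(xml_text) if f[2].startswith("recoverable")]

if __name__ == "__main__":
    for name, host, status in audit_sitemanager(SAMPLE):
        print(f"{name:15} {host:20} {status}")
```

Run against the real file and any backup copies of it; entries reported as recoverable are the ones to re-save after a master password is configured.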