sitemanager.xml clear passwords
Moderator: Project members
sitemanager.xml clear passwords
Hi,
I analyzed sitemanager.xml and I'm surprised : passwords are clear stored !
With FileZilla 2, there are encrypted and It can help to protect them (better than nothing).
That feature is planned ? or not ?
Thanks
I analyzed sitemanager.xml and I'm surprised : passwords are clear stored !
With FileZilla 2, there are encrypted and It can help to protect them (better than nothing).
That feature is planned ? or not ?
Thanks
Re: sitemanager.xml clear passwords
This is by design, it is the task of the operating system to protect your private data.
Re: sitemanager.xml clear passwords
OK no problem, I already protected my data
Re: sitemanager.xml clear passwords
In fact the problem is caused by the OS and its ACLs. In the case of vista, the ACLs force the 'userization' of data into folders such as 'Application Data' , and it is this which leads to password hashes, etc ending-up in all sorts of dark corners of the filesystem. This makes it very hard to uninstall a userized app with confidence. Most uninstall-routines in fact cannot handle this situation, and end-up leaving sensitive data in userprofiles when the app is removed. This is not the fault of the uninstaller but of the OS design, which makes it impossible to tell whether multiple userprofiles contain program-fragments.This is by design, it is the task of the operating system to protect your private data.
IMHO the older arrangement of storing the XML file in the program's folder far more secure, especially as it made it possible to remove all sensiitve data from a computer with confidence. However, app-coders can do little but comply with Microsoft's 'userization' demands, or else ditch Vista support!
Anyhow, my question is: does anyone know how to switch (the older releases with this feature) into 'secure mode' where no passwords are saved?
Re: sitemanager.xml clear passwords
This is the feature I'm waiting for the most.Anteaus wrote:Anyhow, my question is: does anyone know how to switch (the older releases with this feature) into 'secure mode' where no passwords are saved?
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: sitemanager.xml clear passwords
Rejoice, next version will have this feature again. Will be called kiosk mode though.Anyhow, my question is: does anyone know how to switch (the older releases with this feature) into 'secure mode' where no passwords are saved?
Re: sitemanager.xml clear passwords
Tried kiosk mode, works great. But there is a small problem with it. Filezilla correctly writes all data to disk except passwords. But it doesn't ask the password in case it is required again next session. Old Quickconnect entries become invalid because Filezilla sends an empty password string.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: sitemanager.xml clear passwords
The entries are still valid. The dropdown handler just did not ask for the password.
Re: sitemanager.xml clear passwords
So it will ask in the next version?
The main problem is already solved for me: passwords aren't saved anymore.
The main problem is already solved for me: passwords aren't saved anymore.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: sitemanager.xml clear passwords
Will try the next nightly, then.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 3
- Joined: 2008-11-17 11:14
- First name: Vladislav
- Last name: Rastrusny
Re: sitemanager.xml clear passwords
It would be good if we could at least MOVE the sitemanager.xml file into another folder. I am using software to create a virtual secret drive on my PC. So, I would like to move this file to encrypted drive, but it seems, there is no way to do that in FileZilla.
That is not quite right. I would like to ensure my private data is secure even if my PC is stolen. No OS can protect from that. Only encryption. The good move might be to encrypt the whole system drive, but this solution seems quite radical for me now. At this step I would like to use encrypted virtual drives for sensitive data.This is by design, it is the task of the operating system to protect your private data.
Re: sitemanager.xml clear passwords
A good OS has encrypted filesystems. Even Windows has built-in filesystem encryption!
-
- 500 Command not understood
- Posts: 3
- Joined: 2008-11-17 11:14
- First name: Vladislav
- Last name: Rastrusny
Re: sitemanager.xml clear passwords
Really? Is Windows really good OS? Do you know how many bugs were found in this EFS implementation? I don't trust Microsoft.botg wrote:A good OS has encrypted filesystems. Even Windows has built-in filesystem encryption!
EFS is especially weak in earlier Windows versions. 40 or 56 bit key length.... Eh...
Especially with such tools: http://www.crackpassword.com/products/prs/mswin/efs/ EFS is a crap.
I don't think you should relate all security problems of FileZilla to Microsoft. There is still something YOU can do.
Re: sitemanager.xml clear passwords
Yes, I can refuse to throw money at Microsoft and just use Linux instead