Custom Query (8097 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (370 - 372 of 8097)

Ticket Resolution Summary Owner Reporter
#5513 fixed Dragging file from Shell (Desktop) doesn't work J Levine
Description

Attempting to upload a file to an FTP site by dragging from the desktop results in the attached message. It seems the newest version of FileZilla (3.3.4-rc1) is failing to place a slash between the source directory name and the source filename.

#5530 fixed Encrypt stored passwords (using file system facilities; NOT master password) Josh
Description

For Windows Clients, in %appdata%\filezilla\sitemanager.xml the passwords are stored plaintext. This is generally bad security practice, as any malware that is aware of filezilla (as many are aware of and utilize stored passwords in Windows Explorer FTP) can harvest FTP credentials and upload malicious files to any stored webserver FTP addresses.

Windows provides an easy mechanism to encrypt passwords using DPAPI: http://msdn.microsoft.com/en-us/library/ms995355.aspx

Specifically, the two functions of interest are CryptProtectData: http://msdn.microsoft.com/en-us/library/aa380261.aspx and CryptUnprotectData: http://msdn.microsoft.com/en-us/library/aa380261(VS.85).aspx

These functions will handle encryption and key management to store the passwords. They should be used with the optional entropy to further increase the difficulty in other applications extracting that information. If working in .Net the System.Cryptography.ProtectedData class provides managed access to DPAPI so that PINVOKE marshalling is not necessary.

Alternitively sitemanager.xml could be entirely encrypted using AES with the passwords stored in the encrypted file, however the encryption key should be computer/user specific and stored via DPAPI.

Either route comes with drawbacks however - it makes migrating settings to new installs more difficult (can't just copy sitemanager.xml and drop it in the %appdata% directory of the new install) so that is a drawback to be aware of.

In OS X the same functionality is provided via the Keychain API in the functions SecKeychainAddGenericPassword and SecKeychainFindGenericPassword. I am unaware of a linux equivelent

#5542 fixed sometimes refuses to update right side Jim Michaels
Description

sometimes filezilla client gets stuck into a mode where it refuses to:

  • after changing the right side directory, update the right side
  • click refresh button, refresh the right side

and I don't know if there is any particular sequence that starts this. so my best guess would be to say start looking for logic bugs.

Batch Modify
Note: See TracBatchModify for help on using batch modify.
Note: See TracQuery for help on using queries.