Custom Query (8097 matches)
Results (370 - 372 of 8097)
|#5513||fixed||Dragging file from Shell (Desktop) doesn't work|
Attempting to upload a file to an FTP site by dragging from the desktop results in the attached message. It seems the newest version of FileZilla (3.3.4-rc1) is failing to place a slash between the source directory name and the source filename.
|#5530||fixed||Encrypt stored passwords (using file system facilities; NOT master password)|
For Windows Clients, in %appdata%\filezilla\sitemanager.xml the passwords are stored plaintext. This is generally bad security practice, as any malware that is aware of filezilla (as many are aware of and utilize stored passwords in Windows Explorer FTP) can harvest FTP credentials and upload malicious files to any stored webserver FTP addresses.
Windows provides an easy mechanism to encrypt passwords using DPAPI: http://msdn.microsoft.com/en-us/library/ms995355.aspx
Specifically, the two functions of interest are CryptProtectData: http://msdn.microsoft.com/en-us/library/aa380261.aspx and CryptUnprotectData: http://msdn.microsoft.com/en-us/library/aa380261(VS.85).aspx
These functions will handle encryption and key management to store the passwords. They should be used with the optional entropy to further increase the difficulty in other applications extracting that information. If working in .Net the System.Cryptography.ProtectedData class provides managed access to DPAPI so that PINVOKE marshalling is not necessary.
Alternitively sitemanager.xml could be entirely encrypted using AES with the passwords stored in the encrypted file, however the encryption key should be computer/user specific and stored via DPAPI.
Either route comes with drawbacks however - it makes migrating settings to new installs more difficult (can't just copy sitemanager.xml and drop it in the %appdata% directory of the new install) so that is a drawback to be aware of.
In OS X the same functionality is provided via the Keychain API in the functions SecKeychainAddGenericPassword and SecKeychainFindGenericPassword. I am unaware of a linux equivelent
|#5542||fixed||sometimes refuses to update right side|
sometimes filezilla client gets stuck into a mode where it refuses to:
and I don't know if there is any particular sequence that starts this. so my best guess would be to say start looking for logic bugs.