Custom Query (8105 matches)

This request is in reference to a Bug Tracker artifact about the plain text password for the FileZilla Server Interface. Refer to the following URL for the artifact: ​https://sourceforge.net/tracker/?group_id=21558&atid=372241&func=detail&aid=1275925

Basically, it has been stated that the interface password appearing in plain text is by design, due to the authentication method used between server and interface.

While it is possible to maintain security of the server by ensuring proper file/folder permissions are set, thus denying access to the file by non-administrators, this would only work if everything remained on the same system. If one were to use the interface from a remote system, through the Internet, and the remote system did not have sufficient file/folder permissions, a security risk then arises. It would theoretically be possible for anyone to obtain the server administrator password, access the server, change any user password they wanted, then log in as that user and retrieve any file that user has access to.

In order to plug this hole, local administrators would have to make sure there is absolutely no possible way to access the server configuration file by non-administrators. Remote administrators would have to either do the same for the interface configuration file, or remember to delete or edit the interface configuration file to ensure the password cannot be obtained by non-administrators.

As stated in the referenced Bug Tracker artifact, an MD5 hash for this password is not possible. My request is simply what about another obfuscation method? I've dabbled with obfuscation in Perl scripts I've written.

I know there are many methods of encoding secret text. The e-mail server I use supports a secure, encoded

challenge-response authentication, which suggests it is possible to encode secret text used for authentication.

So, isn't it possible that there is at least one obfuscation method that could work with the current authentication method in FileZilla Server and its interface?

I'm a graphic designer and want to help to make FileZilla look more modern and professional.

If you provide me the exact guidelines/FileZilla's "corporate identity", I'll create the logo to completely comply with Filezilla's but also Apple's new design.

I'm aware that this is a difficult process but please give me a feedback on this. Would be awesome to participate!

Attached you find a really quick mockup, so that you get an idea of what I'm talking about.

Dear FileZilla Team:

I am getting an error while connecting to SFTP server from Filezilla, hope you could help me. Please find the error below:

"server host key did not match the signature supplied"