Opened 7 years ago

Closed 7 years ago

#11374 closed Bug report (rejected)

Unable to force FileZilla to use insecure plain FTP in QuickConnect toolbar

Reported by: nrbrtx Owned by:
Priority: high Component: FileZilla Client
Keywords: insecure_ftp, quickconnect Cc: nrbrtx@…
Component version: 3.27.1 Operating system type:
Operating system version: Ubuntu 16.04.3 LTS

Description

I'm using FileZilla since Ubuntu 12.04 LTS - here it was 3.5.3.
Now I upgraded to Ubuntu 16.04 LTS - it has 3.15.0.2.

Steps to reproduce:

  1. Install FTP server which support both connections types - plain FTP and FTPES.
  2. Try to connect in both modes from FileZilla:

2.a. write ftp://server in Host field to connect with plain insecure FTP in QuickConnect toolbar
2.b. write ftpes://server in Host field to connect with explicit FTP over TLS in QuickConnect

Expected results:

  • Previous version (3.5.3 in my case) reacts on user input as expected. It connects as FTP when FTP was requested (ftp://server in Host field) and as FTPES when FTPES was requested (ftpes://server in Host field).

Actual results:

  • Modern FileZilla uses TLS even if user requested plain FTP in QuickConnect field.

I understand that you care about user privacy, but please make FileZilla respect user configuration.
User may want to use plain FTP from QuickConnect bar, not from SiteManager.

Change History (4)

comment:1 by nrbrtx, 7 years ago

Cc: nrbrtx@… added

comment:2 by Tim Kosse, 7 years ago

Resolution: rejected
Status: newclosed

Please update to the most recent version of FIleZilla, we cannot support extremely outdated versions.

comment:3 by nrbrtx, 7 years ago

Component version: 3.15.0.23.27.1
Resolution: rejected
Status: closedreopened

This problem exists in modern FileZilla too.
I tested 3.27.1 under Ubuntu and Windows.
It ignores ftp:// in QuickConnect toolbar.
It is safe but not user-friendly.

Please fix this bug.

comment:4 by Tim Kosse, 7 years ago

Resolution: rejected
Status: reopenedclosed

This is intentional. As plain FTP is insecure it is made hard to use. In a future version there will be warnings you have to click away each time you connect to an FTP server that does not support FTP over TLS.

Note: See TracTickets for help on using tickets.