Opened 23 years ago

Last modified 11 years ago

#1605 reopened Feature request

optionally show passwords in Site Manager and in Quickconnect

Reported by: sthingp Owned by: Alexander Schuch
Priority: normal Component: FileZilla Client
Keywords: Cc: sthingp, Alexander Schuch, hudu90, carlo, elsapo, kousstapa
Component version: Operating system type:
Operating system version:

Description

I would like to have an option to NOT hide the passwords in
sitemanager. I know this is a security risk and of course the default
should be hidden, but in my case my accounts are not that super
classified. By showing passwords in the sitemanager I will have a
"personal database" (or address book if you like) of my ftp-
accounts, and if I need to use another program or in any other way use
an account outside of FileZilla, I can always look to FileZilla for
the correct account-information. Otherwise I would have to look for
the account-information in mails, hardcopies from ISPs, ICQ
messages - u name it.

Change History (14)

comment:1 by hudu90, 21 years ago

Would it be good to have a "note" field for each site in the
SiteManager? Then you can put whichever info you want to
be there.

comment:2 by carlo, 21 years ago

I really would like to see this feature added. I have been
using on a commercial FTP client and it is really very nice.
I don't think a note field would be the same thing.
Also, I don't think it would be so difficult for a cheap
hacker to extract the passwords from the XML file, since the
source of FileZilla is available.

comment:3 by elsapo, 19 years ago

You can use Visual C++, or Resource Hacker, to edit the
dialogs and turn off the "password" style bit on the
password edit boxes. I've done that, and posted the modified
executables here:

http://www.geocities.com/filezillapass/FileZillaPass.html

comment:4 by Alexander Schuch, 17 years ago

FileZilla 3 stores the passwords (unencrypted) in plain text. It is up to the user to properly protect the configuration files, see my comment at the following tracker item:
[ 1191554 ] Ftp sites passwords

@hudu90:
The FileZilla 3 Site Manager offers a free-form "comments" text-field for each Site Manager item.

Closing this feature request.

comment:5 by Alexander Schuch, 17 years ago

So to put it short: passwords are not shown inside FileZilla 3, but if you need to get them, you can check the configuration file where the passwords are stored (unencrypted) in plain text.

comment:6 by i_use_gmail, 13 years ago

Status: closedreopened

I would like this feature also. Coming from FlashFXP I'm used to being able to see all my passwords, but here I need to keep them in a seperate file somewhere, really annoying.

comment:7 by Alexander Schuch, 12 years ago

Summary: Not-hiding passwords in sitemanageroptionally show passwords in sitemanager

comment:8 by kousstapa, 11 years ago

Operating system type: Windows
Operating system version: 7, 8, 8.1
Priority: normalblocker

Hello,

Any ETA on this must have feature? I'm not saying but it was requested 11 years ago (!!) and is still missing from FileZilla, which prevents my company to use it as the main FTP software :(

We're using a commercial FTP client ("FTP Expert") which displays all passwords in clear text, but we're looking to switch to FileZilla for its multithread support. However hiding all passwords is kind of stupid!

Please let me know if and when you're planning to simply show passwords, like on any other software with a minimum sense of usability (I could cite Google Chrome for example which shows all passwords in clear).

Thank you

PS: Changing to "blocker" because A) It blocks my company from using FileZilla and B) Because it's been 11 years on "normal" which seems inefficient.

comment:9 by Alexander Schuch, 11 years ago

Priority: blockernormal

If you want to get the password, either have a look at the XML configuration file, or simply export the Site Manager data. Passwords are visible in plain-text there.

comment:10 by Alexander Schuch, 11 years ago

Summary: optionally show passwords in sitemanageroptionally show passwords in Site Manager

comment:11 by kousstapa, 11 years ago

Operating system version: 7, 8, 8.1all
Priority: normalcritical
Summary: optionally show passwords in Site ManagerAlways show passwords in Site Manager and everywhere else
Type: Feature requestBug report

@ci-dev we are not retards. You said that already 6 years ago 2 comments above mine. We all know that the passwords are stored in clear in the following file:

%AppData%/FileZilla/sitemanager.xml

You completely miss what is requested here. The same way as you closed http://trac.filezilla-project.org/ticket/5224 and http://trac.filezilla-project.org/ticket/7387

The fact that passwords are available in a separate XML file is totally irrelevant to what is being requested here for more than 11 years.

Simply put, stop hiding useful information (i.e. stored passwords) from the user. Firefox, Chrome, FTP Expert, FlashFXP, and many more well known software all show passwords. Stop stupidly hide them, it's pure nonsense!!! And PLEASE stop misleading people with your lazy reply "look at the XML configuration file". Address this bug once and for all, today.

Changing to critical because it's been 11 years, again, the "normal" status doesn't seem to be effective.

Changed to "Bug report" because it's more a bug than a feature request. Showing passwords is not a feature, it's basic usability.

Thank you

comment:12 by Alexander Schuch, 11 years ago

Operating system type: Windows
Operating system version: all
Priority: criticalnormal
Type: Bug reportFeature request

This problem is not critical as it for example does not allow an evil person to get into your computer. This not a bug as the implementation is the way it is intended. This is a feature request. This is not related to Windows, as this feature applies to all versions of FileZilla.

Protip: Offering a patch is more useful than changing the priority of a tracker item.

comment:13 by Alexander Schuch, 11 years ago

Summary: Always show passwords in Site Manager and everywhere elseoptionally show passwords in Site Manager

And by the way, the people over at #2935 completely disagree with you.

comment:14 by kousstapa, 11 years ago

Cc: kousstapa added
Summary: optionally show passwords in Site Manageroptionally show passwords in Site Manager and in Quickconnect

@ci-dev for information, I also totally agree with "the people over at #2935", which I'm sure agree with me too. Are you sure that you understand what is being requested?

Firefox offers a Master Password and display passwords in clear text BOTH AT THE SAME TIME, how do you explain that? is it surreal?

The same goes for Google Chrome, it offers a very strong security by preventing access to the passwords from other windows-users (i.e. once logged off, the passwords are encrypted), while also show the passwords in clear text to the user.

Are you a developer "ci-dev"? No personal attack here, but it seems to me that you have absolutely no sense of both security and user-friendly experience.

Storing all passwords in clear into an XML file != security
Hiding passwords into the application user interface != security
Hiding passwords into the application user interface != user-friendly

This is basic logic.

Note: See TracTickets for help on using tickets.