Opened 23 years ago
Last modified 11 years ago
#1605 reopened Feature request
optionally show passwords in Site Manager and in Quickconnect
Reported by: | sthingp | Owned by: | Alexander Schuch |
---|---|---|---|
Priority: | normal | Component: | FileZilla Client |
Keywords: | Cc: | sthingp, Alexander Schuch, hudu90, carlo, elsapo, kousstapa | |
Component version: | Operating system type: | ||
Operating system version: |
Description
I would like to have an option to NOT hide the passwords in
sitemanager. I know this is a security risk and of course the default
should be hidden, but in my case my accounts are not that super
classified. By showing passwords in the sitemanager I will have a
"personal database" (or address book if you like) of my ftp-
accounts, and if I need to use another program or in any other way use
an account outside of FileZilla, I can always look to FileZilla for
the correct account-information. Otherwise I would have to look for
the account-information in mails, hardcopies from ISPs, ICQ
messages - u name it.
Change History (14)
comment:1 by , 21 years ago
comment:2 by , 21 years ago
I really would like to see this feature added. I have been
using on a commercial FTP client and it is really very nice.
I don't think a note field would be the same thing.
Also, I don't think it would be so difficult for a cheap
hacker to extract the passwords from the XML file, since the
source of FileZilla is available.
comment:3 by , 19 years ago
You can use Visual C++, or Resource Hacker, to edit the
dialogs and turn off the "password" style bit on the
password edit boxes. I've done that, and posted the modified
executables here:
comment:4 by , 17 years ago
FileZilla 3 stores the passwords (unencrypted) in plain text. It is up to the user to properly protect the configuration files, see my comment at the following tracker item:
[ 1191554 ] Ftp sites passwords
@hudu90:
The FileZilla 3 Site Manager offers a free-form "comments" text-field for each Site Manager item.
Closing this feature request.
comment:5 by , 17 years ago
So to put it short: passwords are not shown inside FileZilla 3, but if you need to get them, you can check the configuration file where the passwords are stored (unencrypted) in plain text.
comment:6 by , 14 years ago
Status: | closed → reopened |
---|
I would like this feature also. Coming from FlashFXP I'm used to being able to see all my passwords, but here I need to keep them in a seperate file somewhere, really annoying.
comment:7 by , 12 years ago
Summary: | Not-hiding passwords in sitemanager → optionally show passwords in sitemanager |
---|
comment:8 by , 11 years ago
Operating system type: | → Windows |
---|---|
Operating system version: | → 7, 8, 8.1 |
Priority: | normal → blocker |
Hello,
Any ETA on this must have feature? I'm not saying but it was requested 11 years ago (!!) and is still missing from FileZilla, which prevents my company to use it as the main FTP software :(
We're using a commercial FTP client ("FTP Expert") which displays all passwords in clear text, but we're looking to switch to FileZilla for its multithread support. However hiding all passwords is kind of stupid!
Please let me know if and when you're planning to simply show passwords, like on any other software with a minimum sense of usability (I could cite Google Chrome for example which shows all passwords in clear).
Thank you
PS: Changing to "blocker" because A) It blocks my company from using FileZilla and B) Because it's been 11 years on "normal" which seems inefficient.
comment:9 by , 11 years ago
Priority: | blocker → normal |
---|
If you want to get the password, either have a look at the XML configuration file, or simply export the Site Manager data. Passwords are visible in plain-text there.
comment:10 by , 11 years ago
Summary: | optionally show passwords in sitemanager → optionally show passwords in Site Manager |
---|
comment:11 by , 11 years ago
Operating system version: | 7, 8, 8.1 → all |
---|---|
Priority: | normal → critical |
Summary: | optionally show passwords in Site Manager → Always show passwords in Site Manager and everywhere else |
Type: | Feature request → Bug report |
@ci-dev we are not retards. You said that already 6 years ago 2 comments above mine. We all know that the passwords are stored in clear in the following file:
%AppData%/FileZilla/sitemanager.xml
You completely miss what is requested here. The same way as you closed http://trac.filezilla-project.org/ticket/5224 and http://trac.filezilla-project.org/ticket/7387
The fact that passwords are available in a separate XML file is totally irrelevant to what is being requested here for more than 11 years.
Simply put, stop hiding useful information (i.e. stored passwords) from the user. Firefox, Chrome, FTP Expert, FlashFXP, and many more well known software all show passwords. Stop stupidly hide them, it's pure nonsense!!! And PLEASE stop misleading people with your lazy reply "look at the XML configuration file". Address this bug once and for all, today.
Changing to critical because it's been 11 years, again, the "normal" status doesn't seem to be effective.
Changed to "Bug report" because it's more a bug than a feature request. Showing passwords is not a feature, it's basic usability.
Thank you
comment:12 by , 11 years ago
Operating system type: | Windows |
---|---|
Operating system version: | all |
Priority: | critical → normal |
Type: | Bug report → Feature request |
This problem is not critical as it for example does not allow an evil person to get into your computer. This not a bug as the implementation is the way it is intended. This is a feature request. This is not related to Windows, as this feature applies to all versions of FileZilla.
Protip: Offering a patch is more useful than changing the priority of a tracker item.
comment:13 by , 11 years ago
Summary: | Always show passwords in Site Manager and everywhere else → optionally show passwords in Site Manager |
---|
And by the way, the people over at #2935 completely disagree with you.
comment:14 by , 11 years ago
Cc: | added |
---|---|
Summary: | optionally show passwords in Site Manager → optionally show passwords in Site Manager and in Quickconnect |
@ci-dev for information, I also totally agree with "the people over at #2935", which I'm sure agree with me too. Are you sure that you understand what is being requested?
Firefox offers a Master Password and display passwords in clear text BOTH AT THE SAME TIME, how do you explain that? is it surreal?
The same goes for Google Chrome, it offers a very strong security by preventing access to the passwords from other windows-users (i.e. once logged off, the passwords are encrypted), while also show the passwords in clear text to the user.
Are you a developer "ci-dev"? No personal attack here, but it seems to me that you have absolutely no sense of both security and user-friendly experience.
Storing all passwords in clear into an XML file != security
Hiding passwords into the application user interface != security
Hiding passwords into the application user interface != user-friendly
This is basic logic.
Would it be good to have a "note" field for each site in the
SiteManager? Then you can put whichever info you want to
be there.