Opened 16 years ago

Last modified 4 years ago

#1795 closed Patch (fixed)

Secure mode for FTP proxy password

Reported by: anonymous Owned by:
Priority: low Component: Other
Keywords: Cc: Eirik, damien.regad@…
Component version: Operating system type: Linux
Operating system version:

Description (last modified by Tim Kosse)

In our company, we access the internet via an ftp proxy
server. This server requires the personal user name and
password. While Filezilla supports a secure mode for
FTP connections (namely not saving any passwords in
its database), it is not possible to keep Filezilla from
saving the proxy password.

As our security guidlines do not allow to save any
password in software on the users machine, we can not
use FileZilla. Therefore it would be hightly desirably if
Filezilla could prompt for the ftp proxy password every
time it makes a connection / every time the program is
loaded.

Attachments (4)

filezilla-3.3.0.1-proxy-password.patch (46.1 KB) - added by Stefan G. 10 years ago.
filezilla-3.3.2.1-proxy-password.patch (37.2 KB) - added by Stefan G. 9 years ago.
filezilla-trunk-working-with-3393.patch (237.3 KB) - added by Stefan G. 9 years ago.
filezilla-trunk-working-with-3943.patch (245.8 KB) - added by Stefan G. 9 years ago.
Bugfix, where GUI didn't update properly when hiding quickconnect

Download all attachments as: .zip

Change History (22)

comment:1 Changed 15 years ago by Eirik

More a feature request than a support request - moved.

comment:2 Changed 11 years ago by Alexander Schuch

Component: OtherFileZilla Client

comment:3 Changed 10 years ago by mmenzer

Priority: normalcritical

Strongly supporting this!

Possible Duplicates: 2232, 2922

comment:4 Changed 10 years ago by Tim Kosse

Priority: criticalnormal

comment:5 Changed 10 years ago by mmenzer

Preferred implementation: a checkbox (in Settings >> Connection >> FTP >> FTP Proxy >> Proxy password) that toggles if the Proxy password should be stored or always be asked for. This setting should be adjustable globally by fzdefaultz.xml also.

Use Case: Jonny uses FileZilla to connect to a FTP-Server in the Internet using an FTP-Proxy. He has to authenticate using his Active Directory User and Password which he uses for every application in his company's network. He should not save his password in clear text for security reasons.

Changed 10 years ago by Stefan G.

comment:6 Changed 10 years ago by Stefan G.

Keywords: ask proxy password added

I made a little patch for this request.
Additional topic in the forum: http://forum.filezilla-project.org/viewtopic.php?f=3&t=14242

It works mainly the way it was described by mmenzer.

comment:7 Changed 9 years ago by Tim Kosse

Type: Feature requestPatch

comment:8 Changed 9 years ago by Tim Kosse

Status: newmoreinfo

Thanks. Can you please update your patch based on the following suggestions?

  • Please adhere to the general code formatting style of the project. In particular: Indentation has to be done using tabs of width 4; there is a space after the if keyword and the opening bracket; no single-line if/else blocks.
  • Lots of changes in the .xrc files that are unrelated to this ticket. Worse, these changes cause lower performance and increased memory usage by adding unneeded IDs (almost not measurable, but they are there)
  • What is the purpose of closing all connection if changing the proxy password?
  • Wouldn't it suffice to simply use the kiosk mode default option to control whether proxy passwords should be saved?

comment:9 Changed 9 years ago by mmenzer

Status: moreinfonew

Concerning point 3:
Since proxy authentication is only done when a ftp connection is established, changing the user and password would require a reconnect so the new credentials are used. I think this is it.
Point 4: Kiosk mode flushes all passwords, except for the proxy password (at least in version 3.1.something). So, it's not sufficient for me or the company I work for.

comment:10 Changed 9 years ago by mmenzer

Status: newmoreinfo

comment:11 Changed 9 years ago by Stefan G.

Status: moreinfonew

1) I will go through my changes and try to fix the coding style.
2) I try to do the changes again by hand. Looks like the tool I used changed too much.
3, 4) mmenzer pointed it out exactly

Changed 9 years ago by Stefan G.

comment:12 Changed 9 years ago by Stefan G.

Fixed the mentioned points 1 and 2

comment:13 Changed 9 years ago by Tim Kosse

Status: newmoreinfo

Unfortunately I cannot apply the patch in its current form, there are still a couple of issues with it:

1) patch still does not adhere to the coding style. Use tabs, not spaces. Missing prefix for member variables and so on.
2) Please use wxDialogEx instead of using wxDialog directly
3) Some of your variables are not initialized
4) FTP proxy and generic proxy are mutually exclusive, yet your code would ask for both
5) Do not print an error in SavePage, you got Validate for that.
6) I still fail to understand why you need to close all connections when changing proxy password. You are after all already connected so the password is not even needed anymore on that connection. I'd simply remove that functionality, its pointless and confusing imho. Or do you give me a _specific_ use case where it matters?
7) I do not understand the logic behind CLoginManager::ActiveProxyConnections, can you explain it please? Why does an active connection to the very same server not count?
8) Cancelling the proxy password prompt does not cancel the connection attempt
9) You do not ask the password if establishing a connection through the queue

comment:14 Changed 9 years ago by Stefan G.

I sent you the wrong file as I just see (renamed the wrong one), sorry for that. I will recheck the other one first before sending it again

2) I used the same widget as you did (loginmanager.cpp Line 36). I will change mine.
4/8) I have to review it again. Looks like I missed something in the patch for the new FZ version.
6) When you're already connected to a server and the connection will be closed due to a timeout, the connection will be established again, when you do some action (eg. switching the directory on the server). But this happens in the engine and not in the interface.
7) the CServer parameter is optional. It is only used in CLoginManager::CachedPasswordFailed. When the connection failes but there is an connection to an other server through the proxy (for this test we net the server with the failed conenction), then the server login information are wrong, not the proxy password and so it don't has to be reset.
9) Do you mean the thing, I tried to explain under 6)? Is there already an event or something that could be cached? Would be helpfull to remove 6)
The problem here was, that CLoginManager::CachedPasswordFailed won't be called, if the connections failes because of a wrong proxy password. This would end in an endless loop. So i decided to make a prompt for closing all connections to prevent this.

comment:15 Changed 9 years ago by Tim Kosse

9) Queue some files, close FileZilla, restart it and click the queue processing button.

comment:16 Changed 9 years ago by dregad

Cc: damien.regad@… added

This feature would be very interesting for me. Is there any news on current status, and maybe estimate of when it can be implemented to the satisfaction of codesquid ?

comment:17 Changed 9 years ago by Stefan G.

Long time ago, since I had time to work on this patch, sorry for that.

I redid the whole patch based on the current trunk and also throw out the dialog, which asked for the passwords. The dialog got replaced by an extra panel under the quicklaunch, which will be displayed as soon as the ask password option is set for an activated proxy.

Some minor improvements have to be done, but all in all I think it is ready to be posted here ;)

The main changes since last patch:

  • Dialog got replaced by panel integrated in the mainframe
  • A warning will be displayed, if you want to start the queue processing, but no password(s) are set
  • A warning will be displayed, if you choose a manual transfer to start directly after confirming the dialog
  • queue icon in the toolbar and also the menuitem for the queue will be reset when the password is not set

I didn't set the new panel next to the quickconnect, because on screens with a resolution of 1024 and lesser you will get some problems with the gui elements.

@codesquid:
1.) You always talk about tabs instead of spaces, but notepad++ definatly shows spaces in nearly all files. I hope it will be ok how notepad++ saved the xrc-files.
2.) What do I have to enable/define/set to display the sitemanager dropdown in the toolbar?

Changed 9 years ago by Stefan G.

Changed 9 years ago by Stefan G.

Bugfix, where GUI didn't update properly when hiding quickconnect

comment:18 Changed 4 years ago by Tim Kosse

Description: modified (diff)
Keywords: LOL FILEZILLA IS SMELLED LIKE POOP?!?!?!? removed
Operating system version: LOL FILEZILLA IS SMELLED LIKE POOP?!?!?!?
Summary: LOL FILEZILLA IS SMELLED LIKE POOP?!?!?!?Secure mode for FTP proxy password
Type: Bug reportPatch
Note: See TracTickets for help on using tickets.