Opened 12 years ago

Last modified 12 years ago

#3144 closed Bug report

No password encryption

Reported by: tholau Owned by:
Priority: high Component: Other
Keywords: Cc: tholau, Tim Kosse
Component version: Operating system type:
Operating system version:

Description

All passwords for the server(s) are in the clear in the file sitemanager.xml.
In FileZilla 2.x they are encrypted.

This seems to be a high security risk!

Change History (3)

comment:1 Changed 12 years ago by Tim Kosse

This is by design. It's task of the operating system to protect the user's passwords.

comment:2 Changed 12 years ago by tholau

Well, easy response...
But good developers shouldn't only rely on others to secure their software!
A simply encrypted password enhances the user's feeling of "having a good, secure software" - and could help to improve portability....

comment:3 Changed 12 years ago by Tim Kosse

a feeling of "having a good, secure software" has nothing to do with security, it are two completely different things. As long as the user doesn't encrypt everything with a resonable password, there is no security.

Note: See TracTickets for help on using tickets.