Opened 17 years ago
Last modified 17 years ago
#3144 closed Bug report
No password encryption
| Reported by: | tholau | Owned by: | |
|---|---|---|---|
| Priority: | high | Component: | Other |
| Keywords: | Cc: | tholau, Tim Kosse | |
| Component version: | Operating system type: | ||
| Operating system version: |
Description
All passwords for the server(s) are in the clear in the file sitemanager.xml.
In FileZilla 2.x they are encrypted.
This seems to be a high security risk!
Change History (3)
comment:1 by , 17 years ago
comment:2 by , 17 years ago
Well, easy response...
But good developers shouldn't only rely on others to secure their software!
A simply encrypted password enhances the user's feeling of "having a good, secure software" - and could help to improve portability....
comment:3 by , 17 years ago
a feeling of "having a good, secure software" has nothing to do with security, it are two completely different things. As long as the user doesn't encrypt everything with a resonable password, there is no security.
Note:
See TracTickets
for help on using tickets.
This is by design. It's task of the operating system to protect the user's passwords.