Opened 16 years ago

Last modified 16 years ago

#3144 closed Bug report

No password encryption

Reported by: tholau Owned by:
Priority: high Component: Other
Keywords: Cc: tholau, Tim Kosse
Component version: Operating system type:
Operating system version:


All passwords for the server(s) are in the clear in the file sitemanager.xml.
In FileZilla 2.x they are encrypted.

This seems to be a high security risk!

Change History (3)

comment:1 by Tim Kosse, 16 years ago

This is by design. It's task of the operating system to protect the user's passwords.

comment:2 by tholau, 16 years ago

Well, easy response...
But good developers shouldn't only rely on others to secure their software!
A simply encrypted password enhances the user's feeling of "having a good, secure software" - and could help to improve portability....

comment:3 by Tim Kosse, 16 years ago

a feeling of "having a good, secure software" has nothing to do with security, it are two completely different things. As long as the user doesn't encrypt everything with a resonable password, there is no security.

Note: See TracTickets for help on using tickets.