Opened 15 years ago

Closed 15 years ago

Last modified 11 years ago

#4705 closed Feature request (rejected)

XML output security risk

Reported by: abandonedbywolves Owned by:
Priority: normal Component: FileZilla Client
Keywords: Cc:
Component version: Operating system type: Windows
Operating system version:

Description

This ones easy to describe. I noticed today on outputting my FTP accounts that you store the password information in the XML file. Great idea, very convenient, but due to the fact that it's not encoded, it's a very easy step for people to take to grab your passwords, especially considering that in the program, the pass input field is all dots to protect the user.

Steps:

  1. File>Export
  2. Save XML document
  3. Open document, notice in the <pass> tag, your password is there for the world to see... or at least users of your computer.

Change History (1)

comment:1 by Tim Kosse, 15 years ago

Resolution: rejected
Status: newclosed

This is by design. If your system is properly secured nobody else can read your private files.

If other users of your computer can read those files then your system is not configured correctly.

Note: See TracTickets for help on using tickets.