#4705 closed Feature request (rejected)
XML output security risk
| Reported by: | abandonedbywolves | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | FileZilla Client |
| Keywords: | Cc: | ||
| Component version: | Operating system type: | Windows | |
| Operating system version: |
Description
This ones easy to describe. I noticed today on outputting my FTP accounts that you store the password information in the XML file. Great idea, very convenient, but due to the fact that it's not encoded, it's a very easy step for people to take to grab your passwords, especially considering that in the program, the pass input field is all dots to protect the user.
Steps:
- File>Export
- Save XML document
- Open document, notice in the <pass> tag, your password is there for the world to see... or at least users of your computer.
Note:
See TracTickets
for help on using tickets.
This is by design. If your system is properly secured nobody else can read your private files.
If other users of your computer can read those files then your system is not configured correctly.