Opened 10 years ago

Closed 2 years ago

#4825 closed Feature request

Security/Organization: Add Password-Protected Profiles to Site Manager Site Tree

Reported by: Steve Amerige Owned by:
Priority: normal Component: FileZilla Client
Keywords: security, organization, profile, site manager, password protection Cc:
Component version: Operating system type:
Operating system version:

Description (last modified by Tim Kosse)

FEATURE MOTIVATIONS

  1. SECURITY: FTP Site data as managed by the Site Manager exposes to anyone having computer physical access the following information: host, username, login scripts, and other information. This is a problem because this information might be confidential. As a contractor, I work in many customer sites. While I'm working at CompanyA, I use a set of FTP sites that CompanyA has provided to me. While I'm working at CompanyB, I use a set of FTP sites that CompanyB has provided to me. FileZilla does not help me protect CompanyA's information from falling into the hands of CompanyB personnel who might have physical access to my computer. Even the list of company names that I work with is confidential information.
  1. SCREEN CAPTURE: When I'm preparing tutorials for specific companies to use FileZilla by doing screen capture as I enter specific information in the Site Manager, I must remove all of my sites before beginning to ensure that the screen capture process looks "clean". While FileZilla's online documentation is great, I want to provide my clients with step-by-step instructions on how to build their site list showing the actual information that they'd be entering.
  1. EXPORTING: Currently, doing Right Click > Export... exports everything. I would want to export content that is relevant only to CompanyA, CompanyB, etc.

FEATURE REQUEST: Add Password-Protecting Profile Manager

In the Site Manager, the top item is "My Sites". Currently, the only operation on this item is Right Click > Export. This feature request adds an additional context item and behaviors as detailed below.

  1. Add the following context menu: Right Click > Profile Manager.... When clicked the Profile Manager dialog opens up. The dialog contains the following:

Left:

  • Profile Manager Password [password field]
  • Password Reset E-Mail Address [text field]
  • Profiles [combo box with all existing profile names and "My Sites"]
  • Require Confirmation to Edit Sites [checkbox]

Right:

  • Profile Name [text field]
  • Profile Password [text field]

Bottom:

  • New Profile [button]
  • Delete Profile [button]
  • Export All [button]
  • OK [button]
  • Cancel [button]
  1. If no profile is selected, then the behavior is exactly as it is today. That is, sites that are added, but not attached to any profile are considered to be part of the common "My Sites" profile. The "My Sites" profile cannot be password protected. In the Profile Manager, if "My Sites" is selected, then the Profile Name and Profile Password are grayed out.
  1. When the user does the operation Right Click > Profile Manager... and there is a Profile Manager Password that is set, then a "Enter Profile Manager Password" dialog opens up first into which the user enters the password. If the password is correct, then the Profile Manager dialog opens up. If the password is not correct, then an error dialog opens up. The "Enter Profile Manager Password" dialog contains a button "Forgot Password" if a password reset e-mail address has been specified. If clicked, a temporary password e-mailed to the address that must be used within 24 hours. The only other recourse is for the user to remove the application data for FileZilla and start clean. There should not be a UI for doing this. However, online Help can profile information on how to clear FileZilla of stored profile data.

Once successfully entered, FileZilla remembers the selected profile for the duration of the FileZilla running session. When the user completely closes and then restarts FileZilla, the Site will revert to My Sites for password-protected profiles and will revert to the selected profile for profiles without passwords.

  1. Once the user selects a profile in the Profile Manager dialog, then the top item in the Site Manager "My Sites" is replaced by the selected profile name.
  1. Once the user selects a profile, then only those sites managed by that profile are shown.
  1. If the user clicks the "Delete" button to delete a specific site, then if the "Require Confirmation to Edit Sites" checkbox was checked, then a dialog pops up into which the user must enter the profile password in order to delete the site from the profile. Similarly, if the user wishes to make changes to the connection information for a site (such as the Host, User, Password, etc.), then the same confirmation dialog will pop up into which the user must enter the profile password in order to continue making changes. Once the profile password has been successfully entered, the user can continue making changes on any site until the Site Manager's OK button has been clicked. When re-entering the Site Manager dialog, the profile password will again be required for password-protected profiles.
  1. If the user selects Right Click > Export..., then only the content from the currently selected profile is exported.
  1. If the user wishes to export all site data, then this functionality is accessed via the Profile Manager dialog by clicking on the Export All button.
  1. When the user exports a profile (or all profiles via the Export All button), the exported information for password-protected profiles will be encrypted.
  1. When importing a profile, if the imported profile has the same name as an existing profile, a dialog will pop up requiring the user to enter the existing password of the profile to continue.
  1. When importing a profile, if the imported profile has the same name as an existing profile, then existing content will be overwritten by the imported content, including any password field.
  1. The Profile Manager can change the password for any profile.

Change History (1)

comment:1 Changed 2 years ago by Tim Kosse

Description: modified (diff)
Priority: criticalnormal
Status: newclosed

Password protected passwords have been implemented in FileZilla a while ago.

For profiles, just change your system's user account. User data is isolated from othjer users.

Note: See TracTickets for help on using tickets.