Opened 9 years ago
Closed 9 years ago
#9468 closed Bug report (duplicate)
encrypt websites data, irrespective of application password
|Reported by:||raanan barzel||Owned by:|
|Component version:||Operating system type:|
|Operating system version:|
Five years ago (Ticket #4565) this request was rejected, with the conclusion "On a secured computer plain text passwords are secure".
There is no such thing as a secured computer, and recent events prove this without doubt.
If you trust your door lock, then you may conclude that you dont need to lock drawers, but in reality you do: you are protecting at different levels; you may want your kid not to have access to the drawer but you still give him a key to your house. The drawer lock may not be foolproof, but it does deter from prying.
Website data needs a drawer-level security.
Stating that "A (security) chain is only as strong as its weakest link" does not mean that making things more difficult to an intruder is useless.
I wish the developers take a different stand on this issue. Until then, I will replace FileZilla with a client more respectful of this point of view.
Change History (5)
comment:1 by , 9 years ago
|Status:||new → closed|
comment:2 by , 9 years ago
|Status:||closed → reopened|
|Summary:||encrypting site data → encrypt websites data, irrespective of application password|
This request is not a duplicate of 2935: 2935 asks for a password for the application, while this request asks for the encryption of the websites data, to protet from network intruders.
At least one Windows ftp client stores that data in a way so that it is not easy to locate or understand, and that is what I would like FileZilla to do, so that I could use the same (FileZilla) ftp client with confidence on Windows, Linux and Osx. The application password is a different matter.
comment:3 by , 9 years ago
|Status:||reopened → moreinfo_reopened|
comment:4 by , 9 years ago
|Status:||moreinfo_reopened → reopened|
Right now you dont need even to use the application to get to the information, the xml is there for anyony to see. I just want to make things a little less conspicuous.
Evidently, an application password would be the ultimate solution.
comment:5 by , 9 years ago
|Status:||reopened → closed|
So this is a duplicate of #2935. Without a (user-provided) master password, the file just "looks safe", even though it is just another plain text representation.
This is still an open feature request as requested in #2935.