Re: Filezilla a security risk

To: debian-user@lists.debian.org
Subject: Re: Filezilla a security risk
From: Camaleón <noelamac@gmail.com>
Date: Sat, 30 Jun 2012 14:44:35 +0000 (UTC)
Message-id: <[🔎] jsn3cj$djv$11@dough.gmane.org>
References: <[🔎] CA+AKB6E1FfRCNbV6PimAvdvUfoBKuo7rgLsbaCR_7tgtuZdw5A@mail.gmail.com> <[🔎] jshqlo$no$5@dough.gmane.org> <[🔎] 4FECA6FB.7090606@eisenbits.com> <[🔎] jsie79$no$18@dough.gmane.org> <[🔎] 4FECE810.4030101@concepts-and-training.de> <[🔎] jskc6a$68h$4@dough.gmane.org> <[🔎] 4FEDBF4D.6040905@concepts-and-training.de> <[🔎] jskgm9$68h$11@dough.gmane.org> <[🔎] 4FEDD417.7070607@concepts-and-training.de> <[🔎] jskmhd$68h$16@dough.gmane.org> <[🔎] 4FEDFC1E.9080902@concepts-and-training.de> <[🔎] jsmga9$djv$3@dough.gmane.org> <[🔎] 4FEED8B4.6000303@concepts-and-training.de> <[🔎] jsmnpc$djv$8@dough.gmane.org> <[🔎] 20120630134630.29c39e72@ares.home.chubig.net>

On Sat, 30 Jun 2012 13:46:30 +0200, Claudius Hubig wrote:

> Hello Camaleón,
> 
> Camaleón <noelamac@gmail.com> wrote:
>> On Sat, 30 Jun 2012 12:45:08 +0200, Denis Witt wrote:
>> > I like how MacOS handle this, nearly every application designed for
>> > MacOS is using the built in Keychain. Of course, if the keychain tool
>> > isn't secure this is a big problem.
>> 
>> That's similar to what GNOME keyring does and you can also use an
>> unsecure keyring by removing the passsord and exposing the stored
>> credentials as plain text but of course, that's up to the user and how
>> he/ she wants to manage the login information.
> 
> And if FileZilla wanted to make use of this possibility, they had to
> (let me check the list of supported platforms):
> 
> - Support the Gnome keyring
> - Support KWallet (KDE)
> - Support this MacOS thingy
> - Think about something for Windows
> 
> and someone would still decide that their favourite environment™ is
> missing and complain about FileZilla being a security problem.

Even more, should FileZilla credentials finally benefit from any of those 
methods, there will be still users that complain because they want to run 
Filezilla client from external USB drive in stand-alone mode.

As I said, the worst computer's enemy is the user :-)

> Sure, all that can be done, but it is certainly not the job of an
> application to secure user data, that’s the job of the OS.

Sure, and when there is no OS in place (e.g., when you remove the hard 
disk and connect it into another system) you have to ensure your data is 
protected and only hard disk encryption can prevent this scenario because 
even the passwords are encrypted can be still cracked.

Greetings,

-- 
Camaleón

Reply to:

References:
- Filezilla a security risk
  - From: francis picabia <fpicabia@gmail.com>
- Re: Filezilla a security risk
  - From: Camaleón <noelamac@gmail.com>
- Re: Filezilla a security risk
  - From: Stanisław Findeisen <stf.list.debian.user@eisenbits.com>
- Re: Filezilla a security risk
  - From: Camaleón <noelamac@gmail.com>
- Re: Filezilla a security risk
  - From: Denis Witt <denis.witt@concepts-and-training.de>
- Re: Filezilla a security risk
  - From: Camaleón <noelamac@gmail.com>
- Re: Filezilla a security risk
  - From: Denis Witt <denis.witt@concepts-and-training.de>
- Re: Filezilla a security risk
  - From: Camaleón <noelamac@gmail.com>
- Re: Filezilla a security risk
  - From: Denis Witt <denis.witt@concepts-and-training.de>
- Re: Filezilla a security risk
  - From: Camaleón <noelamac@gmail.com>
- Re: Filezilla a security risk
  - From: Denis Witt <denis.witt@concepts-and-training.de>
- Re: Filezilla a security risk
  - From: Camaleón <noelamac@gmail.com>
- Re: Filezilla a security risk
  - From: Denis Witt <denis.witt@concepts-and-training.de>
- Re: Filezilla a security risk
  - From: Camaleón <noelamac@gmail.com>
- Re: Filezilla a security risk
  - From: Claudius Hubig <debian_1206@chubig.net>

Prev by Date: RE: Wireless network not found
Next by Date: Re: gnome cannot start without kde
Previous by thread: Re: Filezilla a security risk
Next by thread: Re: Filezilla a security risk
Index(es):
- Date
- Thread