Hello francis,

francis picabia <fpicabia@gmail.com> wrote:
> On Wed, Jun 27, 2012 at 4:46 PM, Andrei POPESCU
> <andreimpopescu@gmail.com> wrote:
> > On Mi, 27 iun 12, 16:26:48, francis picabia wrote:
> >> I've just learned Filezilla is a security risk. It stores saved
> >> passwords and the last used password in a plain text file.
> >
> > As do many other programs.
>
> Huh. None that I run. Perhaps your standards are, uh, different.

Pidgin & OpenSSH if used without passphrases, just to name two
examples. Claws-Mail applies some weird obfuscation that doesn't
really help, except for that I have to store my passwords somewhere
else in plaintext, too.

> the hacker. In this case we advise users to uninstall Filezilla
> and use something else. Not all Windows users of FTP tools are IT savvy.
^^^^^^^
> They need warnings and guidance frequently. I passed this on so
> others can reduce their threat potential.

Your users, your _Windows_ users, are certainly your problem and not
one that should be discussed on the debian-user ML. However, if you
find it a problem that programmes tend to leave unencrypted, sensible
data in /home rather than employing some more-or-less fake
encryption/obfuscation, feel free to suggest better ways to reach the
following target:

- It is not necessary to enter all passwords of every account upon
  start of the programme.
- There is some sort of authentication, i.e. not every single
  computer on this planet can log in.
- It works even if there is nobody around to enter passphrases/master
  passwords (e.g., rsync over SSH to remote hosts).

Best regards,
Claudius
--
Adding sound to movies would be like putting lipstick on the Venus de Milo.
-- actress Mary Pickford, 1925
http://chubig.net telnet nightfall.org 4242