Re: Filezilla a security risk
On 2012-06-27, francis picabia <fpicabia@gmail.com> wrote:
> I've just learned Filezilla is a security risk. It stores saved
> passwords and the last used password in a plain text file.
>
There's an interesting (well, for arbitrary definitions of the word
interesting) discussion of the "problem" here:
http://unsharptech.com/2008/05/20/filezilla-ftp-passwords-stored-in-plaintext/
(From May, _2008_!, so you're a little _en retard_).
I personally use ncftp, but I suppose it lacks many bells and whistles.
It doesn't save passwords by default, though, and has a responsible man
page:
save-passwords
If you set this variable to yes, the program will save passwords along with the
bookmarks you save. While this makes non-anonymous logins more convenient,
this can be very dangerous since your account information is now sitting in
the $HOME/.ncftp/bookmarks file. The passwords aren't in clear text, but
it is still trivial to decode them if someone wants to make a modest effort.
Un homme averti en vaut deux.
If the filezilla man page isn't clear on this point, I think that is a
form negligence (although I don't know who's responsible for thei man
page in the end--maybe it's me!).
Reply to: