
Re: Filezilla a security risk



On 2012-06-27, francis picabia <fpicabia@gmail.com> wrote:
> I've just learned Filezilla is a security risk.  It stores saved
> passwords and the last used password in a plain text file.
>

There's an interesting (well, for arbitrary definitions of the word
interesting) discussion of the "problem" here:

http://unsharptech.com/2008/05/20/filezilla-ftp-passwords-stored-in-plaintext/

(From May, _2008_!, so you're a little _en retard_).

I personally use ncftp, but I suppose it lacks many bells and whistles.
It doesn't save passwords by default, though, and has a responsible man
page:

 save-passwords
 If you set this variable to yes, the program will save passwords along with the
 bookmarks you save. While this makes non-anonymous logins more convenient,
 this can be very dangerous since your account information is now sitting in
 the $HOME/.ncftp/bookmarks file. The passwords aren't in clear text, but
 it is still trivial to decode them if someone wants to make a modest effort.

Forewarned is forearmed.

If the filezilla man page isn't clear on this point, I think that is a
form of negligence (although I don't know who's responsible for their man
page in the end--maybe it's me!).
