[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Filezilla a security risk

On Thu, Jun 28, 2012 at 12:35 PM, Shane Johnson
<sdj@rasmussenequipment.com> wrote:

>
> Please remember that FTP by nature is insecure.  All it would take is
> for someone to packet sniff the connection and they would have the
> user name and password to the account as they are transmitted in plain
> text.

Yes, this is all correct.  However filezilla does sftp as well and
SFTP session passwords are also saved in this plain text file as
a human readable password.  That typically translates to SSH access.

In case this is lost on anyone, we are NOT talking about sniffing, but
drive by malware reading a plain text file on the client OS containing
the password.
Even if you do not check the box for saving the password, the most
recent entered password is saved there.
Reply to: