
Re: Filezilla a security risk



On Sat, 30 Jun 2012 12:45:08 +0200, Denis Witt wrote:

> Camaleón wrote:
> 
>>>> and hey, it's open source! You can hire a programmer, make a fork
>>>> ("FileZilla-S" for secure) and add all the enhancements you want ;-
>>> Forking a program for a single little feature doesn't make a lot of
>>> sense to me.
> 
>> If you value so much that feature and you really like the application,
>> why not?
> 
> I didn't. It's more that I dislike the attitude of some developers (in
> general) saying that they don't have to care about uninformed users who
> misconfigure their systems or even don't know how to protect themselves.
> 
> At least they should inform the user that saving passwords is insecure.

If currently there's no indication in their docs that the settings are 
being stored in clear text (login and password) you can open a wishlist 
bug report at FileZilla site for that.

It's easy to blame devels (and forget the next day) but users can also 
contribute with these little things.

>> I wonder if a feasible approach to store credentials in clear text for
>> FileZilla would be using something like the gnome-keyring or a similar
>> implementation for the different OSes or linux boxes, although of
>> course, this would add additional drawbacks.
> 
> I like how MacOS handles this, nearly every application designed for
> MacOS is using the built-in Keychain. Of course, if the keychain tool
> isn't secure this is a big problem.

That's similar to what GNOME keyring does and you can also use an 
unsecure keyring by removing the password and exposing the stored 
credentials as plain text but of course, that's up to the user and how 
he/she wants to manage the login information.

Greetings,

-- 
Camaleón

