On 2012-06-27, francis picabia <fpica...@gmail.com> wrote: > I've just learned Filezilla is a security risk. It stores saved > passwords and the last used password in a plain text file. >
There's an interesting (well, for arbitrary definitions of the word interesting) discussion of the "problem" here: http://unsharptech.com/2008/05/20/filezilla-ftp-passwords-stored-in-plaintext/ (From May, _2008_!, so you're a little _en retard_). I personally use ncftp, but I suppose it lacks many bells and whistles. It doesn't save passwords by default, though, and has a responsible man page: save-passwords If you set this variable to yes, the program will save passwords along with the bookmarks you save. While this makes non-anonymous logins more convenient, this can be very dangerous since your account information is now sitting in the $HOME/.ncftp/bookmarks file. The passwords aren't in clear text, but it is still trivial to decode them if someone wants to make a modest effort. Un homme averti en vaut deux. If the filezilla man page isn't clear on this point, I think that is a form negligence (although I don't know who's responsible for thei man page in the end--maybe it's me!). -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/slrnjuot1t.38n.cu...@einstein.electron.org
