Differences

This shows you the differences between the selected revisions of the page.

security 2006-03-20 security 2024-04-07 (current)
Line 1: Line 1:
====== A word of warning ====== ====== A word of warning ======
-As with any security or cryptographic product, there are a number +Like any security or cryptographic product, there are a number 
-of concerns that should be addressed. In order to use this product +of concerns that should be addressed. To use WinSCP securely, you should understand how the program works and the concepts involved. Improper usage is often
-securely, you should make an effort to obtain a thorough understanding +
-of its operation and the concepts involved. Improper usage is often+
insecure usage, so please be sure to read the manual completely. insecure usage, so please be sure to read the manual completely.
===== Host Security ===== ===== Host Security =====
The security of the computer running WinSCP is a serious The security of the computer running WinSCP is a serious
-concern. Trojan Horse and Backdoor programs can potentially be used to +concern. Trojan Horse and Backdoor programs can steal authentication credentials such as passwords and [[public_key#private|private keys]]
-steal authentication credentials such as passwords and [[public_key#private|private keys]]+
that have been stored or entered on the computer. Public computers that have been stored or entered on the computer. Public computers
-often have session monitoring software which may include key loggers, +often have session monitoring software--including key loggers--or other malicious software.
-or may have malicious software installed by a previous user.+
-WinSCP can support "keyboard-interactive" authentication+WinSCP can support SSH "keyboard-interactive" authentication
methods if offered by the server. With keyboard-interactive methods if offered by the server. With keyboard-interactive
authentication, the server can prompt for special credentials such authentication, the server can prompt for special credentials such
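Review bot: In the Host Security paragraph, the new sentence "often have session monitoring software--including key loggers--or other malicious software" drops the old clause "installed by a previous user". That clause was the only place the paragraph said where malicious software on a public computer comes from, so consider keeping it, for example "or other malicious software installed by a previous user". The new opening "Like any security or cryptographic product, there are a number of concerns" is a dangling modifier, and the old "As with any ..." read correctly. The added "SSH" before "keyboard-interactive" is a useful qualification.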
Line 22: Line 18:
of one-time authentication is offered. of one-time authentication is offered.
-===== Stored Credentials ===== +===== Credentials Security ===== 
-WinSCP supports storing passwords with saved sessions. This is +Learn about choosing compromise between [[security_credentials|security of your credentials]] and convenience of handling them.
-provided as a convenience, and is not recommended. If you need to be +
-able to log in without reentering your credentials, the recommended +
-method is to use public key authentication and protect your private +
-key with a pass phrase. The SSH Key Agent provided by PuTTY, Pageant, +
-can store the decrypted key in memory, allowing you to enter your +
-credentials once and continue using them until you close down the +
-agent or log off of Windows entirely. +
- +
-Saved passwords are stored in a manner that they can easily be +
-recovered. It is not possible to securely encrypt passwords in a way +
-that still allows for automatic use. Do not use the save password +
-feature if you are not absolutely sure of the physical and +
-electronic security of the system on which you are storing +
-passwords. +
- +
-Password storing can be [[administration|restricted by system administrator]].+
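Review bot: The replacement for the Stored Credentials section removes every concrete warning from this page: that saved passwords "are stored in a manner that they can easily be recovered", that storing them "is not recommended", the recommendation of public key authentication with a passphrase-protected key and Pageant, and the [[administration|restricted by system administrator]] link. The new section is a single pointer to [[security_credentials|security of your credentials]], and this diff does not show whether that page carries the same warnings. Consider keeping a one-sentence summary here, so a reader who does not follow the link still learns that saved passwords are recoverable. The new sentence also needs an article: "choosing compromise" should be "choosing a compromise".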

Last modified: by martin