Differences
This shows you the differences between the selected revisions of the page.
| security 2009-03-01 | security 2024-04-07 (current) | ||
| Line 1: | Line 1: | ||
| + | ====== A word of warning ====== | ||
| + | Like any security or cryptographic product, there are a number | ||
| + | of concerns that should be addressed. To use WinSCP securely, you should understand how the program works and the concepts involved. Improper usage is often | ||
| + | insecure usage, so please be sure to read the manual completely. | ||
| + | ===== Host Security ===== | ||
| + | The security of the computer running WinSCP is a serious | ||
| + | concern. Trojan Horse and Backdoor programs can steal authentication credentials such as passwords and [[public_key#private|private keys]] | ||
| + | that have been stored or entered on the computer. Public computers | ||
| + | often have session monitoring software--including key loggers--or other malicious software. | ||
| + | |||
| + | WinSCP can support SSH "keyboard-interactive" authentication | ||
| + | methods if offered by the server. With keyboard-interactive | ||
| + | authentication, the server can prompt for special credentials such | ||
| + | as a S/Key one-time password or RSA SecurID generated value. These | ||
| + | "disposable" credentials are preferable if you must use a public | ||
| + | computer. Contact your system administrator to find out if any form | ||
| + | of one-time authentication is offered. | ||
| + | |||
| + | ===== Credentials Security ===== | ||
| + | Learn about choosing compromise between [[security_credentials|security of your credentials]] and convenience of handling them. | ||