Differences
This shows you the differences between the selected revisions of the page.
| security 2011-02-05 | security 2024-04-07 (current) | ||
| Line 5: | Line 5: | ||
| ===== Host Security ===== | ===== Host Security ===== | ||
| - | The security of the computer running **WinSCP** is a serious | + | The security of the computer running WinSCP is a serious |
| concern. Trojan Horse and Backdoor programs can steal authentication credentials such as passwords and [[public_key#private|private keys]] | concern. Trojan Horse and Backdoor programs can steal authentication credentials such as passwords and [[public_key#private|private keys]] | ||
| that have been stored or entered on the computer. Public computers | that have been stored or entered on the computer. Public computers | ||
| Line 18: | Line 18: | ||
| of one-time authentication is offered. | of one-time authentication is offered. | ||
| - | ===== Stored Credentials ===== | + | ===== Credentials Security ===== |
| - | WinSCP supports storing passwords with saved sessions. This is | + | Learn about choosing compromise between [[security_credentials|security of your credentials]] and convenience of handling them. |
| - | provided as a convenience, and is not recommended, unless protected by [[master_password|master password]]. | + | |
| - | + | ||
| - | If you need to be | + | |
| - | able to log in without reentering your credentials, the recommended | + | |
| - | method with SSH is to use public key authentication and protect your private | + | |
| - | key with a pass phrase. The SSH Key Agent provided by PuTTY, Pageant, | + | |
| - | can store the decrypted key in memory, allowing you to enter your | + | |
| - | credentials once and continue using them until you close down the | + | |
| - | agent or log off of Windows entirely. | + | |
| - | + | ||
| - | Saved passwords, unless protected by [[master_password|master password]], are stored in a manner that they can easily be | + | |
| - | recovered. It is not possible to securely encrypt passwords in a way | + | |
| - | that still allows for automatic use. Do not use the save password | + | |
| - | feature if you are not absolutely sure of the physical and | + | |
| - | electronic security of the system on which you are storing | + | |
| - | passwords. | + | |
| - | + | ||
| - | Password storing can be [[administration|restricted by system administrator]]. | + | |