Differences
This shows you the differences between the selected revisions of the page.
| 2014-12-23 | 2015-03-02 | ||
| make clear this is all about case when password is not stored in site (martin) | explaining why not to keep password in memory (martin) | ||
| Line 19: | Line 19: | ||
| If you have your [[security_credentials#storing_password|password stored in site]], it's remembered implicitly. | If you have your [[security_credentials#storing_password|password stored in site]], it's remembered implicitly. | ||
| + | |||
| + | Keeping password in memory can be dangerous, in case a malware gains access to the WinSCP process or the memory is swapped out to disk or written into a crash dump file. However, it is still unavoidably very dangerous if malicious software is in a position to read the memory of your WinSCP processes: there is still a lot of sensitive data in there which cannot be wiped because it's still being used, e.g. session keys. Also [[ui_pageant|Pageant]] retains decrypted private keys in memory for long periods on purpose if you use it. So turning the option off somewhat mitigates the risks of malicious access to your WinSCP processes' memory, but it cannot eliminate those risks completely. ((&puttydoccite)) | ||
| ===== [[putty_password]] Passing Password to PuTTY ===== | ===== [[putty_password]] Passing Password to PuTTY ===== | ||