Forum » Feature Requests »

Post a reply

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

Guest

2021-04-21 09:00

Hi Martin,

indeed that would torpedo the whole thing.
(In this case WinSCP would run on a proxy as a Remoteapp and cmd could be controlled there, but it's probably not worth the effort, considering the users could use ssh and commands to achieve the same thing)
Thank you for your time!
J

martin

2021-04-20

But they would be able to do run a (local) custom command like this to get the password:

cmd /k echo !P

jo1515

2021-04-16 08:27

Hello,

Sorry for not being very clear:
1. since the "Generate session URL/code" menu option makes it easy for users to read the current password in use,
2. we cannot use the "Security > Remember password for duration of session" setting.
3. As a consequence, users cannot use the File > Custom commands when they right click on a file during a session.

So, in our case with this administrative restriction, we could maybe use the "Security > Remember password for duration of session" setting, because it blocks the "Generate session URL/code" menu option, making it somewhat harder for the end user to get hold of the current password.
But, they can use the right click and use File > Custom commands on a session without prompting for a password again (which they don't know, since it is managed).
Kind regards,
J

martin

2021-04-16

What do you mean by "does not allow us to use "Security > Remember password for duration of session""? What exactly are you trying to prevent? What does this have to do with Custom commands?

jo1515

2021-04-13 13:07

Hi Martin,
some application users would prefer to use the "File > Custom commands", when connected with WinSCP, but the "Generate session URL/code" option does not allow us to use "Security > Remember password for duration of session", since they should not have direct access to the password itself.
These users do not use the "Generate session URL/code" option, so if we could disable this, we may eliminate one way of reading a managed password and think about mitigating others.

Thank you!
J

martin

Re: Additional administrative restriction - disable Generate session URL/code menu option

2021-04-13

Why do you want that?

jo1515

Additional administrative restriction - disable Generate session URL/code menu option

2021-04-13 09:31

Hello,

Is it possible to include the "Session > Generate session URL/code" menu option in the list of Administrative restrictions (https://winscp.net/eng/docs/administration#configuring).

And of course the result would be: after the required Reqistry change, the menu option would be disabled/greyed out.

Thank you!
J

Post a reply

Topic review

Re: Additional administrative restriction - disable Generate session URL/code menu option

Additional administrative restriction - disable Generate session URL/code menu option

Documentation

Support

Associations

Follow Us