Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

Makc666

When you open "Generate Session URL/Code..." switch to Tab ".NET assembly Code".
You will see the password there in "normal" way.
Charles Sorgie

Re: Add ability to copy site password

Makc666 wrote:

Charles Sorgie wrote:

In the GUI there is a field where you can enter a password. If you bring up a site where you have saved a password, you see bullets. I meant a button that shows the password previously entered. As it stands I need to use a separate application to store the passwords.


At Configuring Session (Login Dialog) make right click on your site entry.
And select "Generate Session URL/Code...".

You will get your password.

This is the quickest way for now.


While it does convert the special characters to hex this is a good to know. Thank you for pointing it out.
Makc666

Re: Add ability to copy site password

Charles Sorgie wrote:

In the GUI there is a field where you can enter a password. If you bring up a site where you have saved a password, you see bullets. I meant a button that shows the password previously entered. As it stands I need to use a separate application to store the passwords.


At Configuring Session (Login Dialog) make right click on your site entry.
And select "Generate Session URL/Code...".

You will get your password.

This is the quickest way for now.
Charles Sorgie

Re: Add ability to copy site password

Makc666 wrote:

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.


What do you mean by "view a site password"?

When you use WinSCP scripting you can keep it in %PASSWORD% and use it any where you want in your script.
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation#scripting

For example, following script (example.txt):
open sftp://%USERNAME%:%PASSWORD%@example.com

...

can be called from this batch file (“configuration file”):
@echo off

set USERNAME=martin
set PASSWORD=mypassword
winscp.com /script=example.txt


In the GUI there is a field where you can enter a password. If you bring up a site where you have saved a password, you see bullets. I meant a button that shows the password previously entered. As it stands I need to use a separate application to store the passwords.
Charles Sorgie

Re: Add ability to copy site password

martin wrote:

Anyway, you can use /loglevel=0*- to disable password logging.
I've documented this: https://winscp.net/eng/docs/commandline#logging


Thank you! I beleive with this I can solve my problem.

martin wrote:

In general, you should always isolate your script from the GUI configuration to avoid these kind of problems:
https://winscp.net/eng/docs/scripting#configuration


I am isolating the critical parts of the script, aren't I? I'm specifying a session URL and /log /loglevel which override the GUI configuration settings.
Charles Sorgie

Re: Add ability to copy site password

martin wrote:

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

See https://winscp.net/eng/docs/faq_password


I was unaware of (2). Logging > Log Passwords and other sensitive information defeats the changes I made because the HKCU is unencrypted and it can be set maliciously, true?

It seems that /log=<path> overrides the Logging > Log to file path but /loglevel=0 (without the "*") does not override the Log Passwords and other sensitive information preferences setting. How do I prevent the malicious setting of the preference and logging of passwords to a file?

It also seems that I cannot solve the problem by redirecting stdout because the preference specifies a path, true?

I do not understand. If I follow the procedure outlined here:
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation

...then if "Log Passwords and other sensitive information" is set is the password still logged? Is there any way to prevent the logging of passwords even if "Log Passwords and other sensitive information" is set?

It seems that either /loglevel=n without a "*" should suppress password/sensitive logging OR something like /loglevel=n- ought to be supported to suppress it. Do you consider the former not overriding the preferences setting to be a feature or a bug?

A way to ensure in the script that passwords are not logged in the current version regardless of preference settings would be greatly appreciated. Thank you for your help.
martin

Re: Add ability to copy site password

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

See https://winscp.net/eng/docs/faq_password
Makc666

Re: Add ability to copy site password

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.


What do you mean by "view a site password"?

When you use WinSCP scripting you can keep it in %PASSWORD% and use it any where you want in your script.
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation#scripting

For example, following script (example.txt):
open sftp://%USERNAME%:%PASSWORD%@example.com

...

can be called from this batch file (“configuration file”):
@echo off

set USERNAME=martin
set PASSWORD=mypassword
winscp.com /script=example.txt
Charles Sorgie

Add ability to copy site password

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.