Post a reply

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)


Topic review


Re: Master password: hide all!

Thanks for your suggestion.
Will see if more people ask for this.

Master password: hide all!

I have a master password for all my ftp accounts, which is a great protection.

However, i think it is a security vulnerability that, WITHOUT knowing this password, someone can just start WinSCP and browse through my accounts and read everything except the password. That opens the door for a brute force attack and gives info about the server that might be vulnerable.

I would prefer it to be like this: immediately after WinSCP gets started the program asks for the password (absolutley nothing can be done without it).

It would also be great if the other ftp account related info in the config file would be encrypted, too, to make the security watertight!

Thank you for your time!
A. Lind