How to protect FTP sessions when scripting :: Support Forum

Barlo
Joined:: 2012-09-03
Posts:: 9

How to protect FTP sessions when scripting

2012-09-11 11:14

I have WinSCP installed on a server where some users access through terminal server to do some jobs. Due to scripting reasons WinSCP is using WinSCP.ini file to store sessions. My script file uses stored sessions that I don't want to be available to other users.

How could I protect some stored sesions?. It will be right if sensitive session were hidden, protected with password before be able to connect...

Thank you very much.

Reply with quote

Barlo
Joined:: 2012-09-03
Posts:: 9

2012-09-13 09:31

I have activated the master password option but this take effect over all stored sessions and I would like to protect just a few sessions against improper accesses. How could I do that?

What other possibilities have to do this?

Regards.

Last edited by Barlo on 2012-09-21 11:46; edited 2 times in total

Reply with quote

Barlo
Joined:: 2012-09-03
Posts:: 9

2012-09-14 08:22

Now that I have stablished a master password for stored sessions, my script file is not working.
Is there a way to let it known what is the master password?

Thanks in advance.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 40,551
Location:: Prague, Czechia

Re: How to protect FTP sessions when scripting

2012-09-21

You can have one INI file with the secret sessions and another with public ones. And use file-level permissions to restrict access to the secret INI file.
And no, you cannot use master password for automation.

Reply with quote

Barlo

2012-09-21 09:43

Could you please give more details?. Do you mean, public sessions ini file in the WinSCP directory, and secret ini file in a different directory with access restrictions?

Regards.

Reply with quote

martin◆ Site Admin

2012-09-26

Correct.

See https://winscp.net/eng/docs/config

Reply with quote

CoachKA
Joined:: 2013-09-16
Posts:: 2

Re: How to protect FTP sessions when scripting

2014-09-08 16:39

martin wrote:

You can have one INI file with the secret sessions and another with public ones. And use file-level permissions to restrict access to the secret INI file.
And no, you cannot use master password for automation.

If the master password can't be used for automation/scripting, then is there a method for encrypting the password listed in a script file?

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 40,551
Location:: Prague, Czechia

Re: How to protect FTP sessions when scripting

2014-09-09

CoachKA wrote:

If the master password can't be used for automation/scripting, then is there a method for encrypting the password listed in a script file?

Quoting https://winscp.net/eng/docs/security_credentials#storing_password:

Saved passwords (unless protected by master password) are stored in a manner that they can easily be recovered. It is not possible to securely encrypt passwords in a way that still allows for automatic use. Do not use the save password feature if you are not absolutely sure of the physical and electronic security of the system on which you are storing passwords.

This relates to storing password in GUI, but applies equally to your question.
Note that master password would not help as you would have to save it to the script too.

See also:
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation

Reply with quote

How to protect FTP sessions when scripting