Topic "[Bug] Able to delete websites without master password"

Author Message
BarisUnver

Guest


Hi. I just realized that I was able to delete a couple of my websites without WinSCP asking me for a master password. Just wanted to let you know.
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24991
Location: Prague, Czechia
The master password is only to protect the stored password. It's not to prevent user from accessing/modifying/removing other data.
BarisUnver

Guest


prikryl wrote:
The master password is only to protect the stored password. It's not to prevent user from accessing/modifying/removing other data.


That shouldn't be the case, master password should also protect the changes. What if someone changes all passwords to "123456" and prevents the computer owner to connect to his/her sites in an emergency?
Ricardo
[View user's profile]
Donor
Joined: 2006-02-03
Posts: 106
BarisUnver wrote:
prikryl wrote:
The master password is only to protect the stored password. It's not to prevent user from accessing/modifying/removing other data.


That shouldn't be the case, master password should also protect the changes. What if someone changes all passwords to "123456" and prevents the computer owner to connect to his/her sites in an emergency?

The only way to prevent that would be encrypting the config INI file itself or, in the case settings are saved to Registry, restricting permissions of the registry key. And wscp does not do this.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24991
Location: Prague, Czechia
BarisUnver wrote:
That shouldn't be the case, master password should also protect the changes. What if someone changes all passwords to "123456" and prevents the computer owner to connect to his/her sites in an emergency?

Encryption cannot prevent the data from being damaged.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License