Topic "Add ability to copy site password"

Author Message
Charles Sorgie
[View user's profile]

Joined: 2015-03-05
Posts: 12
Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.
Advertisements
Makc666
[View user's profile]

Joined: 2016-12-08
Posts: 52
Location: MSK-RU
Charles Sorgie wrote:
Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.


What do you mean by "view a site password"?

When you use WinSCP scripting you can keep it in %PASSWORD% and use it any where you want in your script.
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation#scripting

For example, following script (example.txt):
Code:
open sftp://%USERNAME%:%PASSWORD%@example.com
...

can be called from this batch file (“configuration file”):
Code:
@echo off
set USERNAME=martin
set PASSWORD=mypassword
winscp.com /script=example.txt
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 26299
Location: Prague, Czechia
Charles Sorgie wrote:
Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

See https://winscp.net/eng/docs/faq_password
Charles Sorgie
[View user's profile]

Joined: 2015-03-05
Posts: 12
martin wrote:
Charles Sorgie wrote:
Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

See https://winscp.net/eng/docs/faq_password


I was unaware of (2). Logging > Log Passwords and other sensitive information defeats the changes I made because the HKCU is unencrypted and it can be set maliciously, true?

It seems that /log=<path> overrides the Logging > Log to file path but /loglevel=0 (without the "*") does not override the Log Passwords and other sensitive information preferences setting. How do I prevent the malicious setting of the preference and logging of passwords to a file?

It also seems that I cannot solve the problem by redirecting stdout because the preference specifies a path, true?

I do not understand. If I follow the procedure outlined here:
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation

...then if "Log Passwords and other sensitive information" is set is the password still logged? Is there any way to prevent the logging of passwords even if "Log Passwords and other sensitive information" is set?

It seems that either /loglevel=n without a "*" should suppress password/sensitive logging OR something like /loglevel=n- ought to be supported to suppress it. Do you consider the former not overriding the preferences setting to be a feature or a bug?

A way to ensure in the script that passwords are not logged in the current version regardless of preference settings would be greatly appreciated. Thank you for your help.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 26299
Location: Prague, Czechia
In general, you should always isolate your script from the GUI configuration to avoid these kind of problems:
https://winscp.net/eng/docs/scripting#configuration

Anyway, you can use /loglevel=0*- to disable password logging.
I've documented this: https://winscp.net/eng/docs/commandline#logging
Charles Sorgie
[View user's profile]

Joined: 2015-03-05
Posts: 12
martin wrote:
Anyway, you can use /loglevel=0*- to disable password logging.
I've documented this: https://winscp.net/eng/docs/commandline#logging


Thank you! I beleive with this I can solve my problem.

martin wrote:
In general, you should always isolate your script from the GUI configuration to avoid these kind of problems:
https://winscp.net/eng/docs/scripting#configuration


I am isolating the critical parts of the script, aren't I? I'm specifying a session URL and /log /loglevel which override the GUI configuration settings.
Charles Sorgie
[View user's profile]

Joined: 2015-03-05
Posts: 12
Makc666 wrote:
Charles Sorgie wrote:
Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.


What do you mean by "view a site password"?

When you use WinSCP scripting you can keep it in %PASSWORD% and use it any where you want in your script.
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation#scripting

For example, following script (example.txt):
Code:
open sftp://%USERNAME%:%PASSWORD%@example.com
...

can be called from this batch file (“configuration file”):
Code:
@echo off
set USERNAME=martin
set PASSWORD=mypassword
winscp.com /script=example.txt


In the GUI there is a field where you can enter a password. If you bring up a site where you have saved a password, you see bullets. I meant a button that shows the password previously entered. As it stands I need to use a separate application to store the passwords.
Makc666
[View user's profile]

Joined: 2016-12-08
Posts: 52
Location: MSK-RU
Charles Sorgie wrote:
In the GUI there is a field where you can enter a password. If you bring up a site where you have saved a password, you see bullets. I meant a button that shows the password previously entered. As it stands I need to use a separate application to store the passwords.


At Configuring Session (Login Dialog) make right click on your site entry.
And select "Generate Session URL/Code...".

You will get your password.

This is the quickest way for now.
Charles Sorgie
[View user's profile]

Joined: 2015-03-05
Posts: 12
Makc666 wrote:
Charles Sorgie wrote:
In the GUI there is a field where you can enter a password. If you bring up a site where you have saved a password, you see bullets. I meant a button that shows the password previously entered. As it stands I need to use a separate application to store the passwords.


At Configuring Session (Login Dialog) make right click on your site entry.
And select "Generate Session URL/Code...".

You will get your password.

This is the quickest way for now.


While it does convert the special characters to hex this is a good to know. Thank you for pointing it out.
Makc666
[View user's profile]

Joined: 2016-12-08
Posts: 52
Location: MSK-RU
When you open "Generate Session URL/Code..." switch to Tab ".NET assembly Code".
You will see the password there in "normal" way.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License