Add ability to copy site password

Advertisement

Charles Sorgie
Joined:
Posts:
12

Add ability to copy site password

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

Reply with quote

Advertisement

Makc666
Joined:
Posts:
52
Location:
MSK-RU

Re: Add ability to copy site password

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

What do you mean by "view a site password"?

When you use WinSCP scripting you can keep it in %PASSWORD% and use it any where you want in your script.
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation#scripting

For example, following script (example.txt):
open sftp://%USERNAME%:%PASSWORD%@example.com
...    
can be called from this batch file (“configuration file”):
@echo off
set USERNAME=martin
set PASSWORD=mypassword
winscp.com /script=example.txt    

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: Add ability to copy site password

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.
See https://winscp.net/eng/docs/faq_password

Reply with quote

Charles Sorgie
Joined:
Posts:
12

Re: Add ability to copy site password

martin wrote:

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.
See https://winscp.net/eng/docs/faq_password

I was unaware of (2). Logging > Log Passwords and other sensitive information defeats the changes I made because the HKCU is unencrypted and it can be set maliciously, true?

It seems that /log=<path> overrides the Logging > Log to file path but /loglevel=0 (without the "*") does not override the Log Passwords and other sensitive information preferences setting. How do I prevent the malicious setting of the preference and logging of passwords to a file?

It also seems that I cannot solve the problem by redirecting stdout because the preference specifies a path, true?

I do not understand. If I follow the procedure outlined here:
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation

...then if "Log Passwords and other sensitive information" is set is the password still logged? Is there any way to prevent the logging of passwords even if "Log Passwords and other sensitive information" is set?

It seems that either /loglevel=n without a "*" should suppress password/sensitive logging OR something like /loglevel=n- ought to be supported to suppress it. Do you consider the former not overriding the preferences setting to be a feature or a bug?

A way to ensure in the script that passwords are not logged in the current version regardless of preference settings would be greatly appreciated. Thank you for your help.

Reply with quote

Charles Sorgie
Joined:
Posts:
12

Re: Add ability to copy site password

martin wrote:

Anyway, you can use /loglevel=0*- to disable password logging.
I've documented this: https://winscp.net/eng/docs/commandline#logging

Thank you! I beleive with this I can solve my problem.

martin wrote:

In general, you should always isolate your script from the GUI configuration to avoid these kind of problems:
https://winscp.net/eng/docs/scripting#configuration

I am isolating the critical parts of the script, aren't I? I'm specifying a session URL and /log /loglevel which override the GUI configuration settings.

Reply with quote

Charles Sorgie
Joined:
Posts:
12

Re: Add ability to copy site password

Makc666 wrote:

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

What do you mean by "view a site password"?

When you use WinSCP scripting you can keep it in %PASSWORD% and use it any where you want in your script.
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation#scripting

For example, following script (example.txt):
open sftp://%USERNAME%:%PASSWORD%@example.com
...    
can be called from this batch file (“configuration file”):
@echo off
set USERNAME=martin
set PASSWORD=mypassword
winscp.com /script=example.txt    

In the GUI there is a field where you can enter a password. If you bring up a site where you have saved a password, you see bullets. I meant a button that shows the password previously entered. As it stands I need to use a separate application to store the passwords.

Reply with quote

Makc666
Joined:
Posts:
52
Location:
MSK-RU

Re: Add ability to copy site password

Charles Sorgie wrote:

In the GUI there is a field where you can enter a password. If you bring up a site where you have saved a password, you see bullets. I meant a button that shows the password previously entered. As it stands I need to use a separate application to store the passwords.

At Configuring Session (Login Dialog) make right click on your site entry.
And select "Generate Session URL/Code...".

You will get your password.

This is the quickest way for now.

Reply with quote

Charles Sorgie
Joined:
Posts:
12

Re: Add ability to copy site password

Makc666 wrote:

Charles Sorgie wrote:

In the GUI there is a field where you can enter a password. If you bring up a site where you have saved a password, you see bullets. I meant a button that shows the password previously entered. As it stands I need to use a separate application to store the passwords.

At Configuring Session (Login Dialog) make right click on your site entry.
And select "Generate Session URL/Code...".

You will get your password.

This is the quickest way for now.

While it does convert the special characters to hex this is a good to know. Thank you for pointing it out.

Reply with quote

Makc666
Joined:
Posts:
52
Location:
MSK-RU

When you open "Generate Session URL/Code..." switch to Tab ".NET assembly Code".
You will see the password there in "normal" way.

Reply with quote

Advertisement

You can post new topics in this forum