Topic "Do not show proxy password in full open command syntax suggestion"

Author Message
Malcolm.Simpson
[View user's profile]

Joined: 2017-08-30
Posts: 1
Location: Egham
When connecting using a saved site the proxy password is displayed in plain text. (The site password is masked as per bug fix 1452.)

WinSCP version 5.9.6 and earlier.

Through the GUI create a site using a proxy server. When this is used in a script, a suggestion is logged that displays the plain-text proxy credentials.

Script command:
open user@host

Log file:
Script: In scripting you should not rely on saved sites, use this command instead:
Script: open sftp://user:maskedpassword@host/ -rawsettings ProxyMethod=2 ProxyHost="proxyhost" ProxyPort=proxyportnumber ProxyUsername="proxyusername" ProxyPassword="plaintextpassword"

Expected: proxy password is masked.
Even better, the ability to completely suppress the suggestion, since we deliberately use saved sites and this suggestion is logged for every connection.
martin◆
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 27058
Location: Prague, Czechia
Thanks for your suggestion.
Will see if more people ask for this.
stefan_s
[View user's profile]

Joined: 2007-09-18
Posts: 16
Location: munich, germany
I also use currently saved sessions/sites in scripting, to allow the user to edit the proxy parameters
by GUI and then to perform the transfer regular by a batch.
this makes switching to new style "open" parameters difficult.

So I would also appreciate to not see the plaintext password in
the console and the logfile.

in a following message in the logfile the password is already masked.
....
HostName: proxyhost (Port: 123); Username: prouser; Passwd: Yes


suppressing the whole message explicitely by e.g. "option echo off-deprecate" "open sessionname" "option echo on"
would be perfect, as the user is confused by this message, if the connect takes a time.

many thanks.
Stefan
Advertisements

You can post new topics in this forum

Search

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License