- Since the
SessionOptionsobject already has the host name, WinSCP could use the host name/master password pair to look up the session user name & password, as the GUI already does. This avoids the security risk of having the unencrypted password in a script, or storing it on the local machine, where it could be found by a computer repair technician or hacker. A script that wants to use the master password would simply prompt a user to enter it when the script is launched (just like the GUI does).
- If the server user name or password ever changes, the user has to tell WinSCP about the change in only one place (the GUI).