Limitations: Difference between revisions

From FileZilla Wiki
(VaYZTlyk)
m (Reverted edits by 65.202.239.135 (talk) to last revision by 80.4.170.68)
Line 1: Line 1:
Good point. And why was all this intimate cusmtoer information even available online at all, let alone publicly accessible? Same goes for power stations et al, there are certain things that just should be off the grid.Still, I just have knee jerk reaction whenever I hear any database administrator ANYWHERE in 2011 storing passwords as plaintext. It just... it just... it makes my head spin.
;Plaintext username and password storage
:The FileZilla client records FTP addresses, usernames and passwords in plaintext (unencrypted). This means that a virus or malware can read this information if it infects a computer on which the Filezilla client is installed. Some types of malware specifically look for ftp addresses in plaintext files, and try the text around them as usernames and passwords. It renders the QuickConnect feature unsuitable for use on systems where the risk of a site being hacked as a result of a virus or malware infection on the FTP user's machine is unacceptable. See http://trac.filezilla-project.org/ticket/5530
 
FTP is a relatively fragile protocol, so it comes with some limitations which are also present in FileZilla.
 
#;FileZilla ignores leading space of filename
:This happens on FTP servers not supporting the MLSD command. On those servers FileZilla falls back to LIST. Unfortunately the listing format returned by LIST is not standardised. It is impossible to distinguish leading spaces from padding. To solve this issue, simply upgrade to a modern server supporting the MLSD command or refrain from using leading spaces.
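Review bot: the restored "Plaintext username and password storage" entry is inconsistent in its naming: it spells the product "Filezilla" in "on which the Filezilla client is installed" and writes "ftp addresses" in lower case, while the rest of the page uses "FileZilla" and "FTP". The closing sentence "It renders the QuickConnect feature unsuitable" also has no clear antecedent; starting it with "Plaintext storage renders" would say what is meant. Both are worth a follow-up edit after the revert.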

Revision as of 09:21, 29 September 2012

Plaintext username and password storage
The FileZilla client records FTP addresses, usernames and passwords in plaintext (unencrypted). This means that a virus or malware can read this information if it infects a computer on which the FileZilla client is installed. Some types of malware specifically look for FTP addresses in plaintext files, and try the text around them as usernames and passwords. Plaintext storage renders the QuickConnect feature unsuitable for use on systems where the risk of a site being hacked as a result of a virus or malware infection on the FTP user's machine is unacceptable. See http://trac.filezilla-project.org/ticket/5530

FTP is a relatively fragile protocol, so it comes with some limitations which are also present in FileZilla.

  1. FileZilla ignores leading space of filename
This happens on FTP servers not supporting the MLSD command. On those servers FileZilla falls back to LIST. Unfortunately the listing format returned by LIST is not standardised. It is impossible to distinguish leading spaces from padding. To solve this issue, simply upgrade to a modern server supporting the MLSD command or refrain from using leading spaces.
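
The ambiguity described above, as an added example (not FileZilla's own parser): two different filenames can yield byte-identical LIST lines, while an MLSD entry (RFC 3659) puts exactly one space between the facts and the name. The sample lines, fact values and function names are constructed for illustration.

```python
# Constructed sample data: one file, 1024 bytes, listed in two formats.
LIST_PREFIX = "-rw-r--r-- 1 ftp ftp 1024 Sep 29 2012"
MLSD_FACTS = "type=file;size=1024;modify=20120929092100;"


def format_list(name, pad):
    """Unix-style LIST line; `pad` is how many spaces this server puts before the name."""
    return LIST_PREFIX + " " * pad + name


def parse_list_name(line):
    """Common heuristic: eight whitespace-separated columns, the rest is the name.

    split(None, 8) swallows the whole run of spaces before the ninth field,
    because nothing in the line says where padding ends and the name begins.
    """
    return line.split(None, 8)[8]


def format_mlsd(name):
    """MLSD entry: facts, each ending in ';', then ONE space, then the name."""
    return MLSD_FACTS + " " + name


def parse_mlsd_name(line):
    """Facts never contain a space, so the first space is the separator."""
    facts, sep, name = line.partition(" ")
    if not sep or (facts and not facts.endswith(";")):
        raise ValueError("not an MLSD entry: %r" % line)
    return name  # everything after the separator, leading spaces included


if __name__ == "__main__":
    spaced, plain = " report.txt", "report.txt"
    # Server A separates with one space, server B pads with two: same bytes on the wire.
    a, b = format_list(spaced, 1), format_list(plain, 2)
    print("LIST lines identical:", a == b)
    print("LIST parse:", repr(parse_list_name(a)))
    print("MLSD parse:", repr(parse_mlsd_name(format_mlsd(spaced))))
```

With LIST, a client that guesses the name may then transfer, overwrite or delete a different file from the one the listing referred to; with MLSD the name round-trips exactly.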