Limitations: Difference between revisions

From FileZilla Wiki
Jump to navigationJump to search
No edit summary
No edit summary
Line 1: Line 1:
;Plaintext username and password storage
:The FileZilla client records FTP addresses, usernames and passwords in plaintext (unencrypted). This means that a virus or malware can read this information if it infects a computer on which the Filezilla client is installed. Some types of malware specifically look for ftp addresses in plaintext files, and try the text around them as usernames and passwords. It renders the QuickConnect feature unsuitable for use on systems where the risk of a site being hacked as a result of a virus or malware infection on the FTP user's machine is unacceptable. See http://trac.filezilla-project.org/ticket/5530
FTP is a relatively fragile protocol, so it comes with some limitations which are also present in FileZilla.
FTP is a relatively fragile protocol, so it comes with some limitations which are also present in FileZilla.


#;FileZilla ignores leading space of filename
#;FileZilla ignores leading space of filename
:This happens on FTP servers not supporting the MLSD command. On those servers FileZilla falls back to LIST. Unfortunately the listing format returned by LIST is not standardised. It is impossible to distinguish leading spaces from padding. To solve this issue, simply upgrade to a modern server supporting the MLSD command or refrain from using leading spaces.
:This happens on FTP servers not supporting the MLSD command. On those servers FileZilla falls back to LIST. Unfortunately the listing format returned by LIST is not standardised. It is impossible to distinguish leading spaces from padding. To solve this issue, simply upgrade to a modern server supporting the MLSD command or refrain from using leading spaces.
;2. Plaintext username and password storage
:The FileZilla client records FTP addresses, usernames and passwords in plaintext (unencrypted). This means that a virus or malware can read this information if it infects a computer on which the Filezilla client is installed. Some types of malware specifically look for ftp addresses in plaintext files, and try the text around them as usernames and passwords. It renders the QuickConnect feature unsuitable for use on systems where the risk of a site being hacked as a result of a virus or malware infection on the FTP user's machine is unacceptable. See http://trac.filezilla-project.org/ticket/5530

Revision as of 16:53, 21 September 2012

Plaintext username and password storage
The FileZilla client records FTP addresses, usernames and passwords in plaintext (unencrypted). This means that a virus or malware can read this information if it infects a computer on which the Filezilla client is installed. Some types of malware specifically look for ftp addresses in plaintext files, and try the text around them as usernames and passwords. It renders the QuickConnect feature unsuitable for use on systems where the risk of a site being hacked as a result of a virus or malware infection on the FTP user's machine is unacceptable. See http://trac.filezilla-project.org/ticket/5530

FTP is a relatively fragile protocol, so it comes with some limitations which are also present in FileZilla.

  1. FileZilla ignores leading space of filename
This happens on FTP servers not supporting the MLSD command. On those servers FileZilla falls back to LIST. Unfortunately the listing format returned by LIST is not standardised. It is impossible to distinguish leading spaces from padding. To solve this issue, simply upgrade to a modern server supporting the MLSD command or refrain from using leading spaces.