Limitations: Difference between revisions
From FileZilla Wiki
(Replaced content with "test") |
m (Reverted edits by 62.192.66.236 (talk) to last revision by 188.100.253.217) |
||
Line 1: | Line 1: | ||
;Plaintext username and password storage | |||
:The FileZilla client records FTP addresses, usernames and passwords in plaintext (unencrypted). This means that a virus or malware can read this information if it infects a computer on which the Filezilla client is installed. Some types of malware specifically look for ftp addresses in plaintext files, and try the text around them as usernames and passwords. It renders the QuickConnect feature unsuitable for use on systems where the risk of a site being hacked as a result of a virus or malware infection on the FTP user's machine is unacceptable. See http://trac.filezilla-project.org/ticket/5530 | |||
FTP is a relatively fragile protocol, so it comes with some limitations which are also present in FileZilla. | |||
;FileZilla ignores leading space of filename or directory | |||
:This happens on FTP servers not supporting the MLSD command. On those servers FileZilla falls back to LIST. Unfortunately the listing format returned by LIST is not standardised. It is impossible to distinguish leading spaces from padding. To solve this issue, simply upgrade to a modern server supporting the MLSD command or refrain from using leading spaces. | |||
;Download process goes beyond 100% | |||
:Some FTP servers like Microsoft IIS as FTP server have a severe bug. They advertise resume support and accept the resume command, but instead of resuming, they send the complete file again. Unfortunately this cannot be detected client-side. But be aware that there are valid cases in which a transfer can be larger than the reported file size, for example if new data is appended to the file while it is being downloaded (like log files). |
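Review bot: the restored sentence "FTP is a relatively fragile protocol, so it comes with some limitations..." lands after the plaintext-storage entry, so it reads as a continuation of that entry's definition instead of introducing the page. The storage entry describes what the FileZilla client records, not an FTP protocol limitation, so suggest moving the introductory sentence to the top of the page or moving the storage entry below the FTP-related ones. The same entry also spells the product "Filezilla" once and writes "ftp addresses" in lower case, unlike the rest of the restored text.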
Revision as of 14:12, 5 December 2018
- Plaintext username and password storage
- The FileZilla client records FTP addresses, usernames and passwords in plaintext (unencrypted). This means that a virus or malware can read this information if it infects a computer on which the FileZilla client is installed. Some types of malware specifically look for FTP addresses in plaintext files, and try the text around them as usernames and passwords. This makes the QuickConnect feature unsuitable for use on systems where the risk of a site being hacked as a result of a virus or malware infection on the FTP user's machine is unacceptable. See http://trac.filezilla-project.org/ticket/5530
FTP is a relatively fragile protocol, so it comes with some limitations which are also present in FileZilla.
- FileZilla ignores leading space of filename or directory
- This happens on FTP servers not supporting the MLSD command. On those servers FileZilla falls back to LIST. Unfortunately the listing format returned by LIST is not standardised. It is impossible to distinguish leading spaces from padding. To solve this issue, simply upgrade to a modern server supporting the MLSD command or refrain from using leading spaces.
- Download process goes beyond 100%
- Some FTP servers, such as Microsoft IIS running as an FTP server, have a severe bug. They advertise resume support and accept the resume command, but instead of resuming, they send the complete file again. Unfortunately this cannot be detected client-side. Be aware, however, that there are valid cases in which a transfer can be larger than the reported file size, for example if new data is appended to the file while it is being downloaded (like log files).
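The leading-space entry above can be shown with two small parsers. This is an added example, not FileZilla's own parsing code: the listing lines are constructed, `render_list` is a hypothetical server-side formatter, and the MLSD entry layout follows RFC 3659 (facts, exactly one space, then the pathname).

```python
# Added illustration, not FileZilla's parser. All sample data is constructed.

def render_list(name, pad):
    """Hypothetical server formatter: fixed columns, then `pad` spaces, then the name."""
    return "-rw-r--r--   1 ftp      ftp          1024 Dec 05  2018" + " " * pad + name

def parse_list_line(line):
    """Common Unix-style LIST heuristic: eight whitespace-separated fields, then the name."""
    fields = line.split(None, 8)
    if len(fields) < 9:
        raise ValueError("unrecognised LIST line")
    return fields[8]  # whitespace before the name was consumed as a separator

def parse_mlsd_line(line):
    """RFC 3659 entry: facts (each ending in ';'), exactly one space, then the pathname."""
    facts_part, sep, name = line.partition(" ")  # fact values cannot contain a space
    if not sep or not name:
        raise ValueError("malformed MLSD entry")
    facts = {}
    for fact in facts_part.split(";"):
        if fact:
            key, _, value = fact.partition("=")
            facts[key.lower()] = value  # fact names are case-insensitive
    return facts, name

# Two different files produce byte-identical LIST lines.
LIST_A = render_list("report.txt", pad=2)    # no leading space, wider padding
LIST_B = render_list(" report.txt", pad=1)   # one leading space, narrower padding

# The same two files as MLSD entries stay distinguishable.
MLSD_A = "type=file;size=1024;modify=20181205141200; report.txt"
MLSD_B = "type=file;size=1024;modify=20181205141200;  report.txt"

if __name__ == "__main__":
    print(LIST_A == LIST_B)                   # identical bytes on the wire
    print(repr(parse_list_line(LIST_B)))      # leading space is lost
    print(repr(parse_mlsd_line(MLSD_A)[1]))
    print(repr(parse_mlsd_line(MLSD_B)[1]))   # leading space is preserved
```

Because the two LIST lines are the same bytes, no client-side heuristic can recover which file name the server meant.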