I've only recently become aware of how dangerous it is to let software store FTP passwords for you.
Apparently almost no FTP clients encrypt this info, and just leave it lying around in plain text files.
There are viruses/malware in the wild which can look for and grab these files, and send them to
a recipient in a nanosecond.
I have a VPS, and I use SFTP to connect to my sites with WeBuilder, which makes the connection secure (I hope).
But can anyone tell me if the storage of saved/remembered passwords is encrypted?
Or should I be using something like KeePass to store all the account info, instead of within WeBuilder itself?
Thanks.
bonus question -
When I connect to a cPanel account using SFTP and the account's main user, this user can navigate above the /home folder and into the very root of the cPanel account. That seems like very strange default behaviour! At the moment, it's ok because they're my personal accounts. But if I give some cPanel accounts to other people, how would I keep them in their home folder? Do I need to use OpenSSH, chrooting and 'jailing', or is there an easier way to make /home/[username] their root directory?
password storage
Re: password storage
Hi,
Password is kept encrypted inside Windows Registry. So, it is not very likely someone will be able to steal it from there and then decrypt it.
> When I connect to a cPanel account using SFTP and the account's main user, this user can navigate above the /home folder and into the very root of the cPanel account. That seems like very strange default behaviour! At the moment, it's ok because they're my personal accounts. But if I give some cPanel accounts to other people, how would I keep them in their home folder? Do I need to use OpenSSH, chrooting and 'jailing', or is there an easier way to make /home/[username] their root directory?
I am not sure about this, but I think the problem might be connected to the configuration of your FTP settings on your FTP server. There must be some protection against unwanted access. Otherwise it would be very easy to access things one should not be able to.
Kind regards,
Gatis Avots
Re: password storage
> Password is kept encrypted inside Windows Registry. So, it is not very likely someone
> will be able to steal it from there and then decrypt it.
That's great to know. FireFTP/Firefox, FileZilla and most others simply keep the login
details in an unencrypted plain text file. I'm having to use KeePass with those programs.
> I think the problem might be connected to the configuration of your FTP settings on your FTP server
FTP is provided by WHM/cPanel, and works as desired.
As far as I know, SFTP uses SSH and doesn't use the FTP server settings. But I can't see where to easily
set up the home directory without going through all the headache of chrooting/jailing specific users.
I'll do some more research into it.
Thanks.
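Added example (not part of the original posts, and not cPanel's or WeBuilder's code): the OpenSSH chroot route mentioned above uses `ChrootDirectory` with `ForceCommand internal-sftp`, and sshd requires every component of the chroot path to be a root-owned directory that is not group- or world-writable, which a user-owned /home/[username] is not. This Python check audits a candidate path against that rule; the `sftponly` group and the `/home/jail/%u` layout are assumptions for illustration.

```python
"""Pre-flight check for an OpenSSH SFTP chroot directory.

sshd_config fragment this check is meant for (group name 'sftponly' and
the /home/jail/%u layout are assumptions for illustration):

    Subsystem sftp internal-sftp
    Match Group sftponly
        ChrootDirectory /home/jail/%u
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no

sshd refuses the session unless every component of the ChrootDirectory path
is a directory owned by root and not writable by group or others.
"""
import os
import stat
import sys


def component_problem(st):
    """Return a reason string if one path component is unsafe, else None."""
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    if st.st_uid != 0:
        return f"owned by uid {st.st_uid}, not root"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return f"group/world writable (mode {stat.S_IMODE(st.st_mode):o})"
    return None


def audit_chroot(path, stat_fn=os.stat):
    """Walk from / down to path; return a list of (component, problem)."""
    path = os.path.abspath(path)
    parts = [p for p in path.split(os.sep) if p]
    findings, current = [], os.sep
    for part in [""] + parts:  # "" checks the filesystem root itself
        current = os.path.join(current, part)
        problem = component_problem(stat_fn(current))
        if problem:
            findings.append((current, problem))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/home"
    for component, problem in audit_chroot(target):
        print(f"{component}: {problem}")
```

Run it with the directory you intend to name in `ChrootDirectory`; an empty result means the path passes the ownership and mode rule.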