WordPress.org

Ready to get started?Download WordPress

Forums

SSH SFTP Updater Support
SSH Info requested repeatedly (7 posts)

  1. Justin
    Member
    Posted 11 months ago #

    Each time I remove a plugin or theme I am re-prompted to enter my SSH info (host, private key, etc), luckily it is already populated from the first time I filled it out. Is this a bug or a feature?

    http://wordpress.org/plugins/ssh-sftp-updater-support/

  2. TerraFrost
    Member
    Plugin Author

    Posted 11 months ago #

    Does it re-prompt you for credentials when doing things via FTP? I imagine it would - that it's probably logging in via FTP / SFTP and actively deleting the files associated with that plugin / theme. If that's the case then that's just the way WordPress is designed. It'd have to ask you for your credentials each time..

  3. Justin
    Member
    Posted 11 months ago #

    I'm not positive I understand your question, but if you are asking if when I delete a file via SFTP with a tool like FileZilla am I prompted to login, I suppose the answer is yes, once, then I am able to delete anything I want until I close the connection.

    What I don't understand is why the plugin (since it has clearly saved all my SSH info) is showing me the screen to enter all my info again when I perform an action that uses the plugin (like deleting a theme). It seems like it's just confirming my info every time, which is unnecessary.

  4. TerraFrost
    Member
    Plugin Author

    Posted 11 months ago #

    I'm not positive I understand your question, but if you are asking if when I delete a file via SFTP with a tool like FileZilla am I prompted to login, I suppose the answer is yes, once, then I am able to delete anything I want until I close the connection.

    I mean like with other built-in WordPress methods. Like if you try to install a plugin via FTP, if you can, I imagine it'd behave similarly.

    What I don't understand is why the plugin (since it has clearly saved all my SSH info) is showing me the screen to enter all my info again when I perform an action that uses the plugin (like deleting a theme). It seems like it's just confirming my info every time, which is unnecessary.

    That's probably your browser that's saving the info - not the plugin. The plugin doesn't save your info anywhere since doing so could constitute a vulnerability. ie. what if WordPress had an SQL injection vulnerability. Just SQL inject a SELECT and you get the SFTP credentials from the DB and then that SQL injection is the least of your concerns.

  5. Justin
    Member
    Posted 11 months ago #

    I would hope it doesn't save them to the DB. However It could save/load them from a PHP config file just like WordPress does with the DB connection info.

  6. Justin
    Member
    Posted 11 months ago #

  7. TerraFrost
    Member
    Plugin Author

    Posted 11 months ago #

    You should still be able to do that with this plugin. FTP_HOST, FTP_USER, FTP_PASS, FTP_PRIKEY are the constants you should be using.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags