Plain Password in downloadlink of ftp destination

  • jellox

    (@jellox)


    9 years, 11 months ago

    Currently when using a ftp destination the downloadlinks in the dashboard reveal the credentials. If using SSL/TLS a ftp:// link in the dashboard won’t help much, right?

    Not sure how much work is needed to extract the password in other ways but a simple click in the dashboard currently reveal the ftp account data.

    Is this by design? Can this be behavior be changed to make it harder to get the credentials? Or is ftp used that seldom?

    https://wordpress.org/plugins/backwpup/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Daniel Hüsken

    (@danielhuesken)

    9 years, 11 months ago

    If we will made it harde we must first download the File from ftp and than start the dwnload from the webseite. With this the download will be don directly from the FTP Server.

    Thread Starter jellox

    (@jellox)

    9 years, 11 months ago

    Thanks for your time, Daniel.

    As far as i know, there is no URL for TLS/SSL ftp? So ftp:// is transferring the password/username PLAIN. This sounds for me like asking for trouble. Not sure that is the comfort these users want.

    Abandon that link completely 😉 Yes, user who isn’t crying for more features but for less.

    A pushed backup is no backup, since a hacker got the credentials two. A lot better to use a FTP client to download these backups from the ftp destination.

    Whats is the most popular destination: S3? In Germany? HE S3?

    Plugin Author Daniel Hüsken

    (@danielhuesken)

    9 years, 11 months ago

    The most Popular destination is Dropbox.

    I will discus in our team what we will do with that feature.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Plain Password in downloadlink of ftp destination’ is closed to new replies.