Slashdot Mirror


10 Years Later: FileZilla Adds Support For Master Password That Encrypts Your Logins (bleepingcomputer.com)

An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked for it many, many times since then. All their requests have fallen on deaf ears and been met with refusal from FileZilla maintainer Tim Kosse. In November 2016, a user frustrated with Kosse's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.

12 of 82 comments

  1. Holy crap by 93+Escort+Wagon · · Score: 4, Insightful

    By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text.

    You've got to be kidding me.

    --
    #DeleteChrome
    1. Re:Holy crap by PrimaryConsult · · Score: 2

      Thankfully pidgin has disappeared into irrelevance with the rise of cell phone messaging; they still store their passwords in plain text.

  2. Re:Does anyone... by MightyYar · · Score: 2

    My whole company has standardized on it. I can go to any PC in the building and find Filezilla. To be fair, they standardized on it perhaps 7 years ago. But hey, it still works.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  3. Re:I use WinSCP now by TheOuterLinux · · Score: 3, Insightful

    Where are you getting your FileZilla from to have adware? Neither my Mac nor Linux system's versions show ads, and I'm getting it from here: https://filezilla-project.org/. Maybe it's just a Window$ thing?

  4. Re:Filezilla = Adware by Anonymous Coward · · Score: 4, Informative

    It is *not* free software

    Yes, it is. On the main site I can download the source code and compile it, something I've had to do when the pre-built Linux binaries didn't work on older distros. The software license is GPL v2.

    How the fuck is it NOT free software? If you're still referring to it as adware, I'm assuming it's because of the partnership with SourceForge which bundled adware in certain versions of the software (of which you could easily still download a clean version if you knew what you were doing). That program ended quite a while ago. Of course, you'd know this if you bothered to be more understanding and check if what you actually typed matched reality, but that's too much work. Hatred is easier.

  5. Hard to believe by n3r0.m4dski11z · · Score: 2

    The fact that they have near daily updates (basically every time I turn on FileZilla, there is a new client), I am extremely surprised that they wouldn't handle feature requests promptly. What the hell are all the damn updates for then?? NO software can be THAT buggy!

    But back in the day, I do remember them implementing a suggestion I pushed for which was the addition of autoban. So I considered them quite responsive.

    And for saying "filezilla is DYING!" that hasn't been my experience. I thought it was considered the de facto standard because: 1) they offer a client on virtually every platform and 2) it's the FTP client that Ninite installs. Most people who aren't using FileZilla are using browser-based FTP and locking out their accounts with nonstandard behaviour. So I like being able to tell literally anyone to just go to one website to get a great free FTP client.

    I personally don't save passwords in an FTP client in the first place. Perhaps that was why it was not a popular suggestion. The people who are concerned with security enough to know what a master password would do, and yet still want to store their passwords inside the program instead of in their head or document, have got to be a small group. I know it's en vogue for password managers now and maybe that's why he implemented it.

    This is really just a positive story for open source software in general. You can have a program constantly maintained for so long that it can accumulate 10 year old feature requests that ACTUALLY GET IMPLEMENTED! hooray!

    --
    -
  6. Re: Do you have a point? by Vlad_the_Inhaler · · Score: 5, Informative

    Naming the developer is less of a deal here than you think - he has been notorious for years because of his stance on this matter. He has rejected patches from third parties trying to fix the deficiency, something which finally led to the fork a year or so ago. Oh, the person who forked the project had suffered a breach where the lack of this feature was a major contributing factor.

    I don't use FileZilla and never have, but for me the whole sordid tale raises a question mark against projects of this kind: Any project of this nature is substantially ego driven, the programmer is donating time and energy to provide a service. The problem is when that ego leads him (99% are male) to leave unnecessary deficiencies in the "product"? I'm running an old linux distribution on a machine in my internal network because an important tool was updated around 18 months ago to remove support for something I use a lot. It is a personality clash between the owners of two projects. My old version works.
    Look at the decisions Firefox has made recently, I consider some of them to be sabotage, vandalism.

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  7. Re: Do you have a point? by Anonymous Coward · · Score: 5, Informative

    Someone thanked the developer for adding this feature (after filing a request for it 9 years ago), and he replies

    "I'm glad you like a feature that doesn't even increase security."

    I hope to never meet or interact with this person, as it is highly frustrating to even read about this interchange from my position of removal (not a filezilla user).

    Link here: https://forum.filezilla-project.org/viewtopic.php?f=3&t=64&start=1005#p156191

  8. Re:I use WinSCP now by Zocalo · · Score: 3, Insightful

    At a guess, SourceForge, or maybe some other third party download mirror site with similar practices, and yeah, AFAIK, it's mostly a Windows thing. SourceForge - and others - went through a period of bundling crapware with tools being downloaded from them, and since they were a popular means for small projects to offset bandwidth costs a lot of projects got bitten until they were forced to provide an opt out - and FileZilla was the poster child for projects involved. There was an outcry, as you'd expect, but I have no idea whether the mirror sites stopped the practice or not because this pretty much killed my use of them for downloads (sorry, small projects!), but I believe most mirror sites that are claiming to be reputable either no longer do so at all, or at least provide projects an opt out.

    --
    UNIX? They're not even circumcised! Savages!
  9. Re:Filezilla = Adware by Zocalo · · Score: 2

    FileZilla has its faults, but being adware is NOT one of them. It was one of many victims (GIMP and VLC were others) of third party mirror sites like SourceForge that decided to make some additional money by bundling crapware with downloads, often without the knowledge of the projects involved. Unless you've been sourcing your software from a particularly shady mirror site, this bundling was usually made pretty clear during the install process, such as the screenshot in the link.

    --
    UNIX? They're not even circumcised! Savages!
  10. Re: It's Open Source by Joce640k · · Score: 2, Informative

    Why would anybody still use it?

    It turned into spyware years ago and WinSCP is 3000% better.

    --
    No sig today...
  11. Re:Filezilla = Adware by thegarbz · · Score: 2

    So you clearly don't use Filezilla.