Any reasonable Mac application should at at a minimum use Keychain for the storage of credentials. I don't know the history of Filezilla's password storage but agree that if it's still really storing passwords in plain text then you have a right to be concerned. In addition, it's a Java application, which I have personally banished from my Macs. The reason was not any of those listed but that it is horribly slow at anything it does. But after what I read about FileZilla, it made me very aware how one little thing could destroy all of my other security efforts.Īnd like so many things with security, how do you really know what you are using is safe?Īlthough a CyberDuck user for many years I finally abandoned it a few years ago. I feel really stressed right now! *sigh* I have spent all of this time securing my VPS, and figured installing an FTP client was the easiest part. That seems really ignorant and negligent to me! I have read his views, and he sees NO ISSUE with storing passwords as plain-text "because it's up to your operating system to protect them!" While CyberDuck looks promising, I have these questions/concerns.ġ.) How does CyberDuck store log-in credentials?Ģ.) Is it possible to just use Keys for logging into my VPS, and thus bypass needing to give out my cPanel username and password?ģ.) Do you think CyberDuck is more secure than most FTP clients?Ĥ.) What do you think about the creator of FileZilla's views on security? Security is extremely important to me, and after finding out last night that FileZilla stores your passwords in plain-text, it is time to look for a new solution!! It looks like a decent product, but their documentation is lacking, and there is no way to contact the creators?! Does anyone have experience using CyberDuck as an SFTP client?
0 Comments
Leave a Reply. |