Skip to content
View in the app

A better way to browse. Learn more.

Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Filezilla Warning!

Featured Replies

Here is a thread that discusses some potential exploits.

Nice find klikster. Been a member of WebMasterWorld for years now but usually only stick to a few forums. I use FileZilla all day!

I really don't have a clue about the subject

I don't see any issue here. If you use FTP you are sending your account credentials *in the clear* over the network. It's far more likely that your credentials will get picked up that way than off your machine.

Much better to use SFTP with key-based authentication if you can.

I remember reading a couple of years ago that passwords in filezilla were stored in plain text xml file.Crikey it still hasn't been secured!

Warning: FileZilla FTP Passwords now Stored in Plaintext

WinScp is good free alternative and you can use SFTP

Well I opened the 'potentials exploits' link then I read right thru to the end,then I closed the 'potential exploits' link

and I'm still none the wiser......

like....'what's it all about Ralphie ?'

I suppose that like a lot of 'my generation I just don't understand 'computalk'.

Oh well............

  • Author

Well I opened the 'potentials exploits' link then I read right thru to the end,then I closed the 'potential exploits' link

and I'm still none the wiser......

like....'what's it all about Ralphie ?'

I suppose that like a lot of 'my generation I just don't understand 'computalk'.

Oh well............

I had pretty much the same reaction, Traxster. I had recently read some report about Filezilla's new features and decided to try it. "Untried" it right away.

Filezilla is an excellent FTP client, no need to avoid it. You can clear saved password in the quick connect bar, if you're worried about it.

Quite likely that your browser and email client are storing unencrypted passwords as well.

FileZilla stores passwords in plain text on your computer. Anyone (or any program or trojan or virus) that knows where to look can read these unencrypted files and retrieve all your saved usernames and passwords.

So the message is: DO NOT SAVE PASSWORDS IN FILEZILLA.

Well why use FTP at all then? It's totally insecure.

Well why use FTP at all then? It's totally insecure.

That is about transmission of unencrypted data (including passwords), which can be intercepted if someone is sniffing packets to and from your computer (a bit like someone listening in on your telephone calls).

This thread is more to do with passwords being stored on the user's computer by FileZilla in a text file that can be easily be opened and seen without very little effort by anyone or any program (including viruses or trojans).

Yes, SFTP or FTPS is more secure than FTP due to encryption of the data stream, but if someone is intent on continuing to use FileZilla, at least they should remove the saved passwords.

I know what its about. The point is that our browsers, email clients and other software don't securely store passwords either, so why single out this as an "exploit" in Filezilla? It would be a lot fairer to have said 'don't store *any* passwords on your computer'.

Unless you explicitly encrypt stored passwords with a separate key or password that isn't accessible on the system, they are vulnerable.

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.