Your best friend for file transfer.Fetch
password clearing for anon access (2 posts)
- Started 12 years ago by john
- Latest reply 12 years ago from Jim Matthews
as a security measure, can you not send a password from the password field when logging in anonymously?
the scenario is that i have a machine set up as my default shortcut, including username and password. to connect anonymously to another site, i typed in a new machine name, new user name, and <i>hit enter to connect before deleting my password.</i> so i connected anonymously to another site, but instead of it sending my email as password, it sent, and logged the actual pw i use for a different site. this is a security risk since if anyone can guess my remote host, they now know my pw for it.
so this isn't a fetch bug, but it's a feature that would avoid inadvertent passing of passwords to other hosts.
i think the algorithm could be (1) if you alter the host name or user id, it clears the password field, or (2) if you set the user id to blank or guest or anonymous, it clears the password field, or (3) it queries you in the above cases that you want to send the previous password to the new host.
i don't think any of these actions would negatively impact intended normal behavior, and would only help accidental situations like the one i describe above.
Jim Matthews Administrator
Those are good suggestions; they won't make it into 4.0, but I'll add them to my list for the next version.
- Page 1
This topic has been closed.