Your best friend for file transfer.

Fetch application logoFetch

password clearing for anon access (2 posts)

This is an archived topic. The information in it is likely to be out-of-date and no longer applicable to current versions of Fetch.
  • Started 13 years ago by john
  • Latest reply 13 years ago from Jim Matthews
  • john Member

    as a security measure, can you not send a password from the password field when logging in anonymously?

    the scenario is that i have a machine set up as my default shortcut, including username and password. to connect anonymously to another site, i typed in a new machine name, new user name, and <i>hit enter to connect before deleting my password.</i> so i connected anonymously to another site, but instead of it sending my email as password, it sent, and logged the actual pw i use for a different site. this is a security risk since if anyone can guess my remote host, they now know my pw for it.

    so this isn't a fetch bug, but it's a feature that would avoid inadvertent passing of passwords to other hosts.

    i think the algorithm could be (1) if you alter the host name or user id, it clears the password field, or (2) if you set the user id to blank or guest or anonymous, it clears the password field, or (3) it queries you in the above cases that you want to send the previous password to the new host.

    i don't think any of these actions would negatively impact intended normal behavior, and would only help accidental situations like the one i describe above.

    thanks -
    john

    Posted 13 years ago #

  • Jim Matthews Administrator

    Those are good suggestions; they won't make it into 4.0, but I'll add them to my list for the next version.

    Thanks!

    Jim Matthews
    Fetch Softworks

    Posted 13 years ago #

Topic closed

This topic has been closed.