06-24-2002, 05:33 AM   #1
Ethanol
Member
FlashFXP Registered User
Join Date: Feb 2002
Posts: 82

Application Password Protection Flaw

After using the FlashFXP Application Password Protection feature for the first time, I believe that it is ironically more insecure than secure.

I can go onto someone else's machine who does not use Application Password Protection. Type in a password. View all of their passwords. Then clear the password I set again. They would never know any different.

Scenarios:

1. If I don't set a password, and I don't know about Application Password Protection, anyone can see my passwords by just creating a new password, then removing it without my knowledge. INSECURE PASSWORDS.

2. If I don't wish to set a password, but do know about Application Password Protection, then I am forced to use it unwillingly (because of the larger risk of 1). This then gives me the hassle of having to enter a password each time I load FlashFXP (for a feature I don't want) and I can't leave my computer alone without the hassle of minimising Flash to the tray, and locking it (for a feature I don't want). INSECURE PASSWORDS WHEN LEFT OPEN + ADDITIONAL HASSLE.

Either way, my passwords are now less secure in FlashFXP, even though I may not wish to use the new feature.

A possible alternative would be if the user was forced to set a password after they install version 2.x for the first time. They would not be prompted to enter the password on startup of FlashFXP (as this just annoys people). They would only be prompted for the password when they attempt to "reveal" the password to a site. FlashFXP would then allow viewing of passwords for the rest of that session. Alternatively, there could be an option which allows the toggling of Application Password Protection using the existing method. Both options would basically make the person who installs FlashFXP the administrator of the Site Manager, as they would have the password for the application.

Bear in mind, however, that this option still forces the user into using Application Password Protection; protecting all their sites with one password. There will still be a few users who completely do not want this feature made available and probably set different passwords for different sites intentionally.

There is no current way of disabling this feature.
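
The behaviour described in the post and the alternative it proposes, as an added example that is not part of the original post and is not FlashFXP code. The class names, the sample site and its password are constructed, and `FlawedManager` assumes the application behaves as the post describes.

```python
import contextlib, hashlib, hmac, os

class FlawedManager:
    """Assumed model of the post: anyone may set a password while none exists."""
    def __init__(self, sites):
        self._sites, self._pw = dict(sites), None
    def set_password(self, new, current=None):
        if self._pw is not None and current != self._pw:
            raise PermissionError("current password required")
        self._pw = new                      # new=None clears it again
    def reveal(self, site, password):
        if self._pw is None or password != self._pw:
            raise PermissionError("application password required")
        return self._sites[site]

class ProposedManager:
    """The post's alternative: password chosen at install, asked on first reveal."""
    def __init__(self, install_password, sites):
        if not install_password:
            raise ValueError("a password must be chosen at install time")
        self._salt = os.urandom(16)
        self._verifier = self._derive(install_password)
        self._sites, self._unlocked = dict(sites), False
    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
    def _check(self, pw):
        return pw is not None and hmac.compare_digest(self._derive(pw), self._verifier)
    def set_password(self, new, current=None):
        if not new or not self._check(current):
            raise PermissionError("current password required")
        self._verifier = self._derive(new)
    def reveal(self, site, password=None):
        if not self._unlocked:
            if not self._check(password):
                raise PermissionError("application password required")
            self._unlocked = True           # no further prompts this session
        return self._sites[site]

SITES = {"ftp.example.test": "s3cret-constructed"}  # constructed sample data

def visitor_can_reveal(mgr):
    """Can someone who knows no password read a saved site password?"""
    with contextlib.suppress(PermissionError):
        mgr.set_password("visitor")         # the step the post describes
    try:
        mgr.reveal("ftp.example.test", "visitor")
        return True
    except PermissionError:
        return False
```

`visitor_can_reveal(FlawedManager(SITES))` returns `True`, while the same call against `ProposedManager("owner-pw", SITES)` returns `False` because there is never a state in which no password exists.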
All times are GMT -5.