Security improvements for SFTP (ask for password)--worth 20 Euro to me

Posts: 22
Joined: 31 Jul 2016

eRCaGuy

First off, EXCELLENT software, many thanks!
I wish the portable version remained no cost too, but that's my problem. I see it's not no cost in 8.7.

Now for my real concern:

I am an admin on a shared Windows computer. Other admins use the same Windows account (it's a shared development workstation). I want to be able to securely back up files over an encrypted connection to my home server, with*out* others getting that ability (and my network password) too!

What currently happens: the password is saved and visible in my FreeFileSync script and batch file. Other users can just read my password unless I manually delete it and resave the script each time when done.

What I'd like to happen: I'd like a checkbox that says "Remember password" that I can just uncheck. If I try to run a batch file to back up to my home server and my SSH password is not there, have it just ask for it on the spot, without forcefully retaining it. Now, I get my one-click batch file backup system (plus typing a password each time), withOUT my fellow admins seeing my home server password!

I'll give you a 20 Euro donation if you please implement the following:

Add option to not store SSH username and PW:
ex: a checkbox that says “Remember username” (default unchecked)
and “Remember password” (default unchecked)
also: “Remember server name or IP address” (default checked), and “Remember port” (default checked)

-Now, whenever you try to run a backup, even if from a batch file, have it simply prompt you to type in the missing information (mandatory), with the above check-boxes visible so you can optionally modify them right there too (optional).


-----------------------------

Side note: The 8.6 portable version wasn't really portable at all: I'd copy it from one computer to another (to run without admin rights since I'm not an admin on those PCs), and it has some sort of .dat file issue which makes it not truly portable since it only works on the drive on which it was first "installed" as a portable version.
-please fix that. I've had to use the older versions instead, in order to avoid this issue.
Posts: 22
Joined: 31 Jul 2016

eRCaGuy

Bump. What do you think?
Site Admin
Posts: 7211
Joined: 9 Dec 2007

Zenju

Certainly doable, but I'm not sure how many users would benefit from this rather specific requirement.
Posts: 2451
Joined: 22 Aug 2012

Plerry

If you can locally apply a drive mapping (assigning a drive letter) to the sync root folder at home, e.g. by connecting via a VPN or via WebDav, you might be able to totally prevent the problem.
In FFS you then simply refer to your mapped drive letter for your "right" location.
FFS will then not ask for and store your credentials. Rather, Windows will use the credentials stored (fairly securely) in Windows for that network location. This is user specific, so others do not even see the mapped drive or have access to your credentials.
Posts: 22
Joined: 31 Jul 2016

eRCaGuy

> Certainly doable, but I'm not sure how many users would benefit from this rather specific requirement. (Zenju)

All users using SFTP would benefit I think....it's a good security practice to give people the option whether or not to save passwords. Imagine if Google Chrome or Internet Explorer or Firefox enforced the mandatory saving of your passwords for instance....

We need the option please.
Posts: 6
Joined: 17 Jun 2016

fblaha

I agree, I use SFTP in the same condition as described above, and leaving the password is, I believe, the only problem I find in FFS.
Posts: 22
Joined: 31 Jul 2016

eRCaGuy

Bump. Referring to my 1st post: I raise my ante to $25 Euros.
Site Admin
Posts: 7211
Joined: 9 Dec 2007

Zenju

I've added Pageant support, which should solve this requirement, too:
viewtopic.php?t=1953&start=25#p14921