Don't put password into directory spec

Discuss new features and functions
NoeNie
Posts: 5
Joined: 27 Jul 2019

Post by NoeNie • 27 Jul 2019, 22:36

Hi,

I discovered FreeFileSync for the use case of uploading files to an FTP server quickly and easily. It does better than domain-specific (FileZilla) or commercial products (PhpStorm). Kudos!

What prevents me from using it in practice is that it stores my sensitive password unencrypted in the ffs_sync config file (and, less importantly, displays it in base64 encoding on the UI). For instance, suppose my password is "sdf", then the UI will display the path as

Code: Select all

ftp://username@server.com/some/path|ssl|pass64=c2Rm
where c2Rm can be decoded to "sdf".

The other above-mentioned applications provide a feature where you don't provide the password (but still indicate that one is required, i.e. sth like "pass64=<ASK>" or just "pass64" without the "="). Upon first usage (per server+username) the application will ask for the password and, if the connection was successful, will store it in (encrypted?) memory until the application is closed. Would it be possible to add a feature like this to FreeFileSync too?

Thanks

NoeNie
Posts: 5
Joined: 27 Jul 2019

Post by NoeNie • 12 Aug 2019, 21:26

I'd offer my help with implementing this if I had access to the code. Either way, I'd appreciate a response (even if it's just "no" or "working on it with low priority").

User avatar
Plerry
Posts: 687
Joined: 22 Aug 2012

Post by Plerry • 13 Aug 2019, 08:39

You can download the FFS source code in the FFS download page.

bgstack15
Posts: 71
Joined: 7 Jan 2018

Post by bgstack15 • 13 Aug 2019, 11:47

The source code is released in its entirety of the GPL release of the software in the complete tarball. A small group of us have been tracking the history of these releases, and possibly could provide the environment for you to write any patches: https://gitlab.com/opensource-tracking/FreeFileSync

NoeNie
Posts: 5
Joined: 27 Jul 2019

Post by NoeNie • 15 Aug 2019, 08:14

Cool! I'll write a patch when I get time. For now I tried building the existing code on Windows (with WSL if needed) for execution on Windows. I found this https://github.com/jeffli678/build-FreeFileSync so far. Let me know if you have more tips.

bgstack15
Posts: 71
Joined: 7 Jan 2018

Post by bgstack15 • 15 Aug 2019, 11:51

I know nothing about compiling FreeFileSync on Windows, but I build dpkg and rpm packages for myself.