Don't put password into directory spec

Discuss new features and functions
NoeNie
Posts: 8
Joined: 27 Jul 2019

Post by NoeNie • 27 Jul 2019, 22:36

Hi,

I discovered FreeFileSync for the use case of uploading files to an FTP server quickly and easily. It does better than domain-specific (FileZilla) or commercial products (PhpStorm). Kudos!

What prevents me from using it in practice is that it stores my sensitive password unencrypted in the ffs_sync config file (and, less importantly, displays it in base64 encoding on the UI). For instance, suppose my password is "sdf", then the UI will display the path as
ftp://username@server.com/some/path|ssl|pass64=c2Rm
where c2Rm can be decoded to "sdf".

The other above-mentioned applications provide a feature where you don't provide the password (but still indicate that one is required, i.e. sth like "pass64=<ASK>" or just "pass64" without the "="). Upon first usage (per server+username) the application will ask for the password and, if the connection was successful, will store it in (encrypted?) memory until the application is closed. Would it be possible to add a feature like this to FreeFileSync too?

Thanks

NoeNie
Posts: 8
Joined: 27 Jul 2019

Post by NoeNie • 12 Aug 2019, 21:26

I'd offer my help with implementing this if I had access to the code. Either way, I'd appreciate a response (even if it's just "no" or "working on it with low priority").

User avatar
Plerry
Posts: 762
Joined: 22 Aug 2012

Post by Plerry • 13 Aug 2019, 08:39

You can download the FFS source code in the FFS download page.

bgstack15
Posts: 92
Joined: 7 Jan 2018

Post by bgstack15 • 13 Aug 2019, 11:47

The source code is released in its entirety of the GPL release of the software in the complete tarball. A small group of us have been tracking the history of these releases, and possibly could provide the environment for you to write any patches: https://gitlab.com/opensource-tracking/FreeFileSync

NoeNie
Posts: 8
Joined: 27 Jul 2019

Post by NoeNie • 15 Aug 2019, 08:14

Cool! I'll write a patch when I get time. For now I tried building the existing code on Windows (with WSL if needed) for execution on Windows. I found this https://github.com/jeffli678/build-FreeFileSync so far. Let me know if you have more tips.

bgstack15
Posts: 92
Joined: 7 Jan 2018

Post by bgstack15 • 15 Aug 2019, 11:51

I know nothing about compiling FreeFileSync on Windows, but I build dpkg and rpm packages for myself.

NoeNie
Posts: 8
Joined: 27 Jul 2019

Post by NoeNie • 21 Aug 2019, 21:20

I had a look at how this could be implemented. Unfortunately, the FTP code is quite deeply integrated with AbstractPath and such, which was designed without user interaction in mind. So the dialog that asks the user for the password would probably have to be shown at an earlier point.
Anyway, more importantly, constructing that dialog should probably be done with the wxFormBuilder (to update the gui_generated.cpp file), but the wxFormBuilder project file (.fbp file) doesn't appear to be bundled with the source. Is it available somewhere else?