Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Filezilla's silent caching of user's credentials

From: Jonathan Kamens <jik () kamens us>
Date: Fri, 15 Oct 2010 01:03:31 -0400
On 10/14/2010 05:09 AM, Chris Evans wrote:

In this instance, the most productive way forward might be to submit a
patch. I'm sure the developers would be more receptive to an approach
based on "here's a nice new feature" rather than an approach based on
"pitchforks recruited from full-disclosure".

Quoting from Ryan's message that started this thread
<http://seclists.org/fulldisclosure/2010/Oct/86>:

    There have been quite a few bug and features requests filed, and
    they all get closed or rejected within a week or so. I also posted
    something in the developer forum inquiring about this, and received
    this response:

    "I do not see any harm in storing credentials as long as the rest of
    your system is properly secure as it should be."

It would appear that your certainty that "the developers would be more
receptive..." to a patch is misplaced.

  jik

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: