'View File' (Temporary Files _NOT_ deleted!)

reaction

2003-09-23 10:06:24

I just checked to see wether temporary files that are downloaded to 'View' are deleted when SmartFTP exits... they aren't.

This is a horrendous security flaw, and I hope there is an option in the future to delete 'temporarily' downloaded files.

Also, I just uninstalled SmartFTP, and then reinstalled it, and my servername/username & password were all remembered. A complete uninstall should also delete usernames and passwords (and will save memory).

Also, after a 'complete' uninstall and install, the 'viewed' files remained.

I hope in the future SmartFTP will protect their user's (and their user's user's) security.

R

darix

2003-09-23 10:17:55

I just checked to see wether temporary files that are downloaded to 'View' are deleted when SmartFTP exits... they aren't.

This is a horrendous security flaw, and I hope there is an option in the future to delete 'temporarily' downloaded files.

i agree here.

Also, I just uninstalled SmartFTP, and then reinstalled it, and my servername/username & password were all remembered. A complete uninstall should also delete usernames and passwords (and will save memory).

hmm maybe they should add an option to remove config files on uninstall. but i wouldnt agree it should be default. too many users will kill their settings accidently.

but you can disable password caching in the history or disable the history at all. and of course you can empty the history.

Also, after a 'complete' uninstall and install, the 'viewed' files remained.

i dont think its task of the uninstaller.

I hope in the future SmartFTP will protect their user's (and their user's user's) security.

darix

reaction

2003-10-06 12:24:32

reaction

2003-11-13 14:58:27

Just a reminder to everyone... this is still occurring...

R

reaction

2003-11-13 15:03:24

reaction

2003-11-20 10:28:14

What I would suggest for this, is a non-sticky, exclusive to SmartFTP, temporary folder, where these files are swapped to.

The Windows(tm) temporary folder is used for many apps, and is often difficult to find and-or get to (the windows folder is often protected, and with a public access profile in force, may be completely protected).

Also, there is more than one temporary folder, and it may be difficult to find the correct one without first resulting a search of the entire hard disk, which, if the filename is different, would mean searching for text within the file, and this may take upwards of an hour on a badly unbalanced machine.

The temporary folder is not automatically deleted by windows (unless disc space becomes an issue), and downloads may be left there for years.

All the best,
R

[A message to the SmartFTP moderators here... If I were you, I would inform all users of SmartFTP of this possible security problem]