Bug 371796

Summary: FTP KIO slave does not cache password provided by URL
Product: [Frameworks and Libraries] frameworks-kio Reporter: Alex Bikadorov <alex.bikadorov>
Component: FTPAssignee: David Faure <faure>
Status: REPORTED ---    
Severity: wishlist CC: kdelibs-bugs, nate
Priority: NOR    
Version: 5.27.0   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Bug Depends on:    
Bug Blocks: 335668    

Description Alex Bikadorov 2016-10-28 19:07:33 UTC 
When connecting to a FTP server with a URL containing the password ( ftp://user:password@server.com ) the password is not saved internally in KIO. For browsing to another directory or opening files the password must always stay in the URL or it is asked again.

On the other hand if no password is provided in the URL it is asked for in a KIO internal password dialog and cached. URls do never have to contain the password.

So why not caching the password provided in the URL, too? After that the password does not have to be included in plain text anymore.

Currently Dolphin and Krusader can open FTP connections but never remove the password from the URL. This is imo highly insecure, all file URLs contain the password when opening them (password is send to opening application!) or copying them to clipboard (and maybe saved in clipboard history. And the user might not even be aware of this cause the password is omitted in the navigation bar.