Bug 371796 - FTP KIO slave does not cache password provided by URL
Summary: FTP KIO slave does not cache password provided by URL
Status: REPORTED
Alias: None
Product: frameworks-kio
Classification: Frameworks and Libraries
Component: FTP (show other bugs)
Version: 5.27.0
Platform: Other Linux
: NOR wishlist
Target Milestone: ---
Assignee: David Faure
URL:
Keywords:
Depends on:
Blocks: 335668
  Show dependency treegraph
 
Reported: 2016-10-28 19:07 UTC by Alex Bikadorov
Modified: 2018-08-22 20:34 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Bikadorov 2016-10-28 19:07:33 UTC 
When connecting to a FTP server with a URL containing the password ( ftp://user:password@server.com ) the password is not saved internally in KIO. For browsing to another directory or opening files the password must always stay in the URL or it is asked again.

On the other hand if no password is provided in the URL it is asked for in a KIO internal password dialog and cached. URls do never have to contain the password.

So why not caching the password provided in the URL, too? After that the password does not have to be included in plain text anymore.

Currently Dolphin and Krusader can open FTP connections but never remove the password from the URL. This is imo highly insecure, all file URLs contain the password when opening them (password is send to opening application!) or copying them to clipboard (and maybe saved in clipboard history. And the user might not even be aware of this cause the password is omitted in the navigation bar.