Quantcast

[ jEdit-users ] FTP plugin master password

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[ jEdit-users ] FTP plugin master password

Mark Goodge
I recently upgraded jEdit and installed a new set of plugind, including
the FTP plugin. This now wants me to set a master password in order to
save passwords to the local disk.

I neither need, nor want, this feature. But I cannot find out how to
disable it, or force it to accept an empty password. Nor can I work out
how to change the password once I've set it.

Can anyone given me any pointers on any of these? At the very least, I
need to be able to easily change the master password without losing any
already saved passwords.

Mark

------------------------------------------------------------------------------
--
-----------------------------------------------
jEdit Users' List
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jedit-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [ jEdit-users ] FTP plugin master password

Alan Ezust-3
Administrator

It no longer saves without encryption to some master password.
Your only option is to tell it to not save at all.

I felt that the previous technique of saving passwords (FTP 1.0.3 and earlier) was almost like plain-text password storage which is not a good idea.


On Fri, Nov 25, 2016 at 4:57 AM, Mark Goodge <[hidden email]> wrote:
I recently upgraded jEdit and installed a new set of plugind, including
the FTP plugin. This now wants me to set a master password in order to
save passwords to the local disk.

I neither need, nor want, this feature. But I cannot find out how to
disable it, or force it to accept an empty password. Nor can I work out
how to change the password once I've set it.

Yeah, there is no way to do that right now.


Can anyone given me any pointers on any of these? At the very least, I
need to be able to easily change the master password without losing any
already saved passwords.

There is no way to do that right now either, sorry.


------------------------------------------------------------------------------

--
-----------------------------------------------
jEdit Users' List
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jedit-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [ jEdit-users ] FTP plugin master password

Alan Ezust-3
Administrator
HOWEVER, if you select "use a key file for encrypting passwords/passphrases", then you only need to enter the master password ONCE and it will encrypt that and store it so you don't have to enter it again.


------------------------------------------------------------------------------

--
-----------------------------------------------
jEdit Users' List
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jedit-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [ jEdit-users ] FTP plugin master password

Mark Goodge
In reply to this post by Alan Ezust-3
On 26/11/2016 00:56, Alan Ezust wrote:
>
> It no longer saves without encryption to some master password.
> Your only option is to tell it to not save at all.
>
> I felt that the previous technique of saving passwords (FTP 1.0.3 and
> earlier) was almost like plain-text password storage which is not a good
> idea.

This really ought to be a user-selectable option, though.

>     Can anyone given me any pointers on any of these? At the very least, I
>     need to be able to easily change the master password without losing any
>     already saved passwords.
>
>
> There is no way to do that right now either, sorry.

That's a show-stopper, as far as I'm concerned.

Offering the option to encrypt the saved passwords with a master
password is a good idea. Making the use of a master password compulsory
may be acceptable, provide it's done in a user-friendly way. But
requiring the use of a password that cannot be changed without the loss
of stored data is completely unacceptable. If I was in a situation where
a master password would actually be useful to me (eg, if other people
had access to my stored passwords and I needed to protect them), then if
the master password ever became known to other people I'd have to choose
between maintaining my security or keeping my stored data. Which is just
plain daft.

Anyway, I've solved the problem for now by downgrading to version 1.03,
which I'll stick with until the current version gives more control over
the master password option.

Mark


------------------------------------------------------------------------------
--
-----------------------------------------------
jEdit Users' List
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jedit-users
Loading...