View Single Post
Old 07-13-2002, 06:02 AM  
Ethanol
Member
 
Join Date: Feb 2002
Posts: 82
Default

I still believe it should be an option on install. Passwords are highly sensitive, and being as freely available as they now are is a high security risk. I don't see many corporate users wishing to invest in a product which forces you to use one password for all of your sites (which is essentially what it is doing).

I suggest a better implementation (although it would require further coding), would be to ask the user on install whether they would like to install the Application Password Protection feature or not, and give them a warning explaining how it works. For those who do the sites may as well be written in plain text (from what I've read from above). For those who do not (e.g. corporations who actually want secure passwords), each password should generate a unique hash, breakable only by brute-force attempts.

By adding this feature, you are admitting that there is a security risk, and pretty much stating that because there is a risk, you might as well integrate that risk into FlashFXP. I mean, it's a bit like MS abandoning their 25-figure product keys, because they're easy enough to find on the web anyway.

It's all very well removing APP from the GUI, but it is just as easy to re-add it by reversing what you have just said.
Ethanol is offline