martin

Re: 5.1.7 (build 3446) does NOT mask passwords in logfile

Only passwords in open command log records are masked. If you are referring to a "Command-line" record, then indeed it's not masked out. You have to store the password in a script to have it masked. There are so many ways to pass a password on the command-line that it would be very difficult to locate it to mask it out. Also note that process command-line parameters are public information. Any other process on a system can retrieve them. So if you are that concerned about security, do not pass passwords on the command-line.
andnet81

5.1.7 (build 3446) does NOT mask passwords in logfile

Attention! This is a major problem and a huge security issue.


Although the bugtracker shows this as RESOLVED,
passwords in "open" command line commands are visible in clear text.


In related news: It seems the WinSCP.com executable does not have a switch/command to output a version. If this is correct, consider implementing this, because it is best practice to do so.

5.1.7 (build 3446) is what the Exe-file says.