Forum » Feature Requests »

Post a reply

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

Makc666

2016-12-27 09:05

When you open "Generate Session URL/Code..." switch to Tab ".NET assembly Code".
You will see the password there in "normal" way.

Charles Sorgie

Re: Add ability to copy site password

2016-12-27 08:24

While it does convert the special characters to hex this is a good to know. Thank you for pointing it out.

Makc666

Re: Add ability to copy site password

2016-12-27 08:11

At Configuring Session (Login Dialog) make right click on your site entry.
And select "Generate Session URL/Code...".

You will get your password.

This is the quickest way for now.

Charles Sorgie

Re: Add ability to copy site password

2016-12-26 21:41

Makc666 wrote:
Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

What do you mean by "view a site password"?

When you use WinSCP scripting you can keep it in %PASSWORD% and use it any where you want in your script.
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation#scripting

For example, following script (example.txt):
open sftp://%USERNAME%:%PASSWORD%@example.com

...
can be called from this batch file (“configuration file”):
@echo off

set USERNAME=martin

set PASSWORD=mypassword

winscp.com /script=example.txt

In the GUI there is a field where you can enter a password. If you bring up a site where you have saved a password, you see bullets. I meant a button that shows the password previously entered. As it stands I need to use a separate application to store the passwords.

Charles Sorgie

Re: Add ability to copy site password

2016-12-26 21:28

martin wrote:

Anyway, you can use /loglevel=0*- to disable password logging.
I've documented this: https://winscp.net/eng/docs/commandline#logging

Thank you! I beleive with this I can solve my problem.

martin wrote:

In general, you should always isolate your script from the GUI configuration to avoid these kind of problems:
https://winscp.net/eng/docs/scripting#configuration

I am isolating the critical parts of the script, aren't I? I'm specifying a session URL and /log /loglevel which override the GUI configuration settings.

martin

Re: Add ability to copy site password

2016-12-26

In general, you should always isolate your script from the GUI configuration to avoid these kind of problems:
https://winscp.net/eng/docs/scripting#configuration

Anyway, you can use /loglevel=0*- to disable password logging.
I've documented this: https://winscp.net/eng/docs/commandline#logging

Charles Sorgie

Re: Add ability to copy site password

2016-12-22 21:43

martin wrote:

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

See https://winscp.net/eng/docs/faq_password

I was unaware of (2). Logging > Log Passwords and other sensitive information defeats the changes I made because the HKCU is unencrypted and it can be set maliciously, true?

It seems that /log=<path> overrides the Logging > Log to file path but /loglevel=0 (without the "*") does not override the Log Passwords and other sensitive information preferences setting. How do I prevent the malicious setting of the preference and logging of passwords to a file?

It also seems that I cannot solve the problem by redirecting stdout because the preference specifies a path, true?

I do not understand. If I follow the procedure outlined here:
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation

...then if "Log Passwords and other sensitive information" is set is the password still logged? Is there any way to prevent the logging of passwords even if "Log Passwords and other sensitive information" is set?

It seems that either /loglevel=n without a "*" should suppress password/sensitive logging OR something like /loglevel=n- ought to be supported to suppress it. Do you consider the former not overriding the preferences setting to be a feature or a bug?

A way to ensure in the script that passwords are not logged in the current version regardless of preference settings would be greatly appreciated. Thank you for your help.

martin

Re: Add ability to copy site password

2016-12-22

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

See https://winscp.net/eng/docs/faq_password

Makc666

Re: Add ability to copy site password

2016-12-22 11:51

Charles Sorgie wrote:

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.

What do you mean by "view a site password"?

When you use WinSCP scripting you can keep it in %PASSWORD% and use it any where you want in your script.
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation#scripting

For example, following script (example.txt):

open sftp://%USERNAME%:%PASSWORD%@example.com

...

can be called from this batch file (“configuration file”):

@echo off

set USERNAME=martin

set PASSWORD=mypassword

winscp.com /script=example.txt

Charles Sorgie

Add ability to copy site password

2016-12-22 02:59

Add the ability to view a site password and/or copy it to the clipboard. In this way the specified site password can be copied and used an another context.