[Bug] Able to delete websites without master password

Hi. I just realized that I was able to delete a couple of my websites without WinSCP asking me for a master password. Just wanted to let you know.

The master password is only to protect the stored password. It's not to prevent user from accessing/modifying/removing other data.

martin wrote:

The master password is only to protect the stored password. It's not to prevent user from accessing/modifying/removing other data.

That shouldn't be the case, master password should also protect the changes. What if someone changes all passwords to "123456" and prevents the computer owner to connect to his/her sites in an emergency?

BarisUnver wrote:

martin wrote:

The master password is only to protect the stored password. It's not to prevent user from accessing/modifying/removing other data.

That shouldn't be the case, master password should also protect the changes. What if someone changes all passwords to "123456" and prevents the computer owner to connect to his/her sites in an emergency?

The only way to prevent that would be encrypting the config INI file itself or, in the case settings are saved to Registry, restricting permissions of the registry key. And wscp does not do this.

BarisUnver wrote:

That shouldn't be the case, master password should also protect the changes. What if someone changes all passwords to "123456" and prevents the computer owner to connect to his/her sites in an emergency?

Encryption cannot prevent the data from being damaged.