#21 Security issue re: FTP password

v0.4
closed-wont-fix
nobody
5
2002-01-13
2001-12-28
Anonymous
No

BlogBuddy v0.4 gets the FTP password for the
destination site from the user's Blogger.com template.
The user can't simply enter it on the spot. This means
that the password has to be stored in the template,
and is therefore exposed to any security problems
afflicting Blogger.com.

This problem was highlighted when Blogger.com was
cracked over the Christmas holiday. I love BlogBuddy,
but won't use it or recommend that anyone else use it
until this issue is fixed.

Katherine

Discussion

  • Sigfus R Oddsson

    • status: open --> closed-wont-fix
     
  • Sigfus R Oddsson

    Logged In: YES
    user_id=304142

    The Blogger API does not currently support the sending of
    FTP password through XML-RPC. I realise that this is rather
    unfortunate but there is nothing that can be done about
    this on the blogBuddy.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks