MasterPassword and /S=S:

JOUBE · Post by *JOUBE » 2023-09-07, 08:09 UTC

If I start from within the Tc a userdefined command with the line:

%COMMANDER_EXE% /S=S:="searches_name" "localpath" "SFTP_connection_name"

then the MasterPassword is requested (because of the SFTP plugin) even if I have given the main password in the current Tc session (with KeepMasterPassword=3 in section [General] in wcx_ftp.ini).

In this case a new instance of Tc is started - that is ok, but it should be possible to send a message about the allready given MasterPassword to the new instance while starting, because of a very strange behavior:

If I open more than one Sync with one Button/StarterMenu/DirMenu line (em_sync1, em_sync2, em_sync3, em_sync4, em_sync5, ...) the MasterPassword-Dialog opens for all connenction separatly (in the example 5 dialogs). But - and this is very strange - if I put the MasterPassword into one dialog of them and press OK the MasterPassword is automaticly copied to all other (in the example 4) dialogs, so I has to confirm the Dialogs only with OK without enterering the MasterPassword again.

Joube

Post by *ghisler(Author) » 2023-09-07, 17:09 UTC

Sorry, sending a plain text password to another program would be a big security risk.

JOUBE · Post by *JOUBE » 2023-09-07, 19:53 UTC

ghisler(Author) wrote: ↑2023-09-07, 17:09 UTC Sorry, sending a plain text password to another program would be a big security risk.

Ok

But what's about this:

JOUBE wrote: ↑2023-09-07, 08:09 UTC If I open more than one Sync with one Button/StarterMenu/DirMenu line (em_sync1, em_sync2, em_sync3, em_sync4, em_sync5, ...) the MasterPassword-Dialog opens for all connenction separatly (in the example 5 dialogs). But - and this is very strange - if I put the MasterPassword into one dialog of them and press OK the MasterPassword is automaticly copied to all other (in the example 4) dialogs, so I has to confirm the Dialogs only with OK without enterering the MasterPassword again.

Do you have an explanation for this: without enterering the MasterPassword again.?

AntonyD · Post by *AntonyD » 2023-09-07, 21:02 UTC

2JOUBE
but why you agreed so quickly with Ghisler?
Obviously that the pass could be sent in encrypted form. So risks will be eliminated.
of course TC should not ask user multiple times in one session. Especially if we use KeepMasterPassword=3

Dalai · Post by *Dalai » 2023-09-07, 21:11 UTC

AntonyD wrote: ↑2023-09-07, 21:02 UTCObviously that the pass could be sent in encrypted form.

And how would the receiving application decrypt it? It needs to know the key. Is TC supposed to send the key along with the encrypted password? Wouldn't be any more secure than clear text... Master passwords are supposed to be entered by the user, not be sent (or stored) anywhere.

Regards
Dalai

JOUBE · Post by *JOUBE » 2023-09-07, 23:45 UTC

AntonyD wrote: ↑2023-09-07, 21:02 UTC of course TC should not ask user multiple times in one session. Especially if we use KeepMasterPassword=3

It isn't one session. Therefore, it needs to think again about how best to handle this. Maybe like this: The routine does not require a new Tc instance but just runs in its own thread. Or so...

2ghisler(author) and antonyD
I'm also expecting a qualified answer from ghisler(author) on the topic of how it is that the password is obviously distributed from one dialog to other dialogs: Is this a Tc or a Windows topic, etc... in the context when we talk about security issues. However, I just want to understand the context in this case and not want it to be changed, because that would of course be much inconvenient.

Joube

Post by *ghisler(Author) » 2023-09-10, 09:34 UTC

Moderator message

Moved to will not be changed

Total Commander

MasterPassword and /S=S:

MasterPassword and /S=S:

Re: MasterPassword and /S=S:

Re: MasterPassword and /S=S:

Re: MasterPassword and /S=S:

Re: MasterPassword and /S=S:

Re: MasterPassword and /S=S:

Re: MasterPassword and /S=S: