ghostx2 / superputty

Automatically exported from code.google.com/p/superputty
MIT License
0 stars 0 forks source link

Encrypted Database #262

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hello ,

I used PuttyCm but I would like to change to SuperPutty.
Actually, I can't because it does not support encrypted database of PuttyCM 
which permit to store login/password.
I think it is a good feature because PuttyCM permits to autologin to devices 
and login/password are secure ( not clear text)

Do you think it will be possible to implement a secure DB to store 
login/password of devices to manage sessions ?

Best Regards

Original issue reported on code.google.com by thenoo...@gmail.com on 29 Nov 2012 at 7:42

GoogleCodeExporter commented 9 years ago
I vote for this to. It would be great to have some kind of security for stored 
credentials in SP.

Original comment by strugare...@gmail.com on 29 Nov 2012 at 11:28

GoogleCodeExporter commented 9 years ago
Would be a killer-feature.
Probably we can support db with passwords for auto-logon by donations?

Original comment by codegu...@gmail.com on 1 Feb 2013 at 3:59

GoogleCodeExporter commented 9 years ago
that is the feature which is keeping me away from Superputty even though 
PuttyCM project is nonactive.

Original comment by gitcra...@gmail.com on 18 Mar 2013 at 1:22

GoogleCodeExporter commented 9 years ago
Yes this would improve SuperPuTTY greatly. Although I love the interface the 
lack of a password manager is troublesome. The only way to store the password 
in a session that I could find was to use the -pw argument. The problem is it 
then stores the password in clear text in the [session].xml file. This is high 
risk and a bad option. It should at least be hashed.

Original comment by edst...@gmail.com on 16 May 2013 at 11:29

GoogleCodeExporter commented 9 years ago
I vote for this too... 

Original comment by cscr...@googlemail.com on 11 Apr 2014 at 4:16

GoogleCodeExporter commented 9 years ago
I agree

Original comment by chmi...@gmail.com on 2 May 2014 at 9:52

GoogleCodeExporter commented 9 years ago
As far as passwords are concerned, I do not feel confortable in my ability to 
encrypt and protect your passwords. PuTTY is more than capable of doing this 
securely with its public/private key system. For security reasons I always 
enter my password (what if someone sits at my terminal and starts opening 
sessions?). If thats not a concern to you, then there is always the -pw 
argument, which imho is a bad idea, but a worse idea is me encrypting your 
passwords for you. I am open to ideas.

http://www.howtoforge.com/ssh_key_based_logins_putty

Original comment by jimradford@gmail.com on 20 Jun 2014 at 3:14

GoogleCodeExporter commented 9 years ago
I agree that passwords should not be stored in SuperPutty just for for 
commodity. But having a password to open the software and have an encrypted 
database would be a good idea. I type in my password every time I login to a 
device but the security policy/audit would be against having all the IP 
addresses in clear text saved in a file. Also sharing the database with other 
colleagues would be more secure (this would be another reason not to store your 
passwords in SuperPutty).

Original comment by artpixel...@gmail.com on 3 Mar 2015 at 12:54