Closed Sir-Fancy closed 4 years ago
Fix has been provided, so that password prompt will appear only once.
Master password will be there in future
as of v1.0.4 warning text has been added, that password will be stored in plain text. Also the password prompt will appear only once. In future master password and SSH agent functionality will be implemented
Is your feature request related to a problem? Please describe. When a password is saved in the site list, it is saved to the file 'session-store.json' in plain-text. This is a very insecure practice and can make this file a target during a compromise.
Describe the solution you'd like There should be a user setting to allow for a master password to encrypt this file with AES-256 encryption.
Describe alternatives you've considered The only alternative is to not save passwords at all, but since the functionality of this program is based on having many remote functions, each one prompts for a password. Another option to bypass the prompt is by having a private key, but if it is password-protected (which it should be), the user runs into the same issue by having to unlock the private key each time you switch between file browser, terminal, etc.