Saturday 6 October 2012

Securing your FileZilla settings from prying eyes

FileZilla save FTP site settings in plain text including passwords.
There is no way to save FTP passwords in encrypted form (as of my knowledge). The only thing we can do is, save FileZilla settings to encrypted volume/disk.

To do it we we need edit fzdefaults.xml file and change 'Config Location' property to location where we want to save our passwords.
Here are steps we need to follow

1. Find fzdefaults.xml.example file. On my debian squeeze it is located at '/usr/share/doc/filezilla-common/examples/'. Issue following command to find it at your computer

sudo find -name fzdefaults.xml.example

2. Copy it to $HOME/.filezilla folder. Do not forget to put here actual path to folder having fzdefaults.xml.example

cp (path to folder)/fzdefaults.xml.example ~/.filezilla/fzdefaults.xml

3. Open copied file in text editor

gedit ~/.filezilla/fzdefaults.xml

4. Scroll down and loacte property "Config Location". There will be a path just next to it. Replace it with the path to your desired secured location. Save and close.

5. Now move your previously saved FTP site settings to secured location. Make sure you move it NOT copied.

mv ~/.filezilla/sitemanager.xml (your desired secured path)/sitemanager.xml

Now all is done!
To verify if new settings are effective, run FileZilla, you should see all your old FTP settings there.