If you activate the Application Password Protection (APP) all of your data files will be encrypted using a strong 160bit encryption.
To activate APP, from FlashFXP, Sites > Security > Set Password.
When APP is enabled you will be prompted for a password each time FlashFXP is started.
All encryptions can be decrypted fairly easily unless there is a magic key (a hash) that only the user knows. Storing the key inside the exe or in a seperate file would only offer a false sense of security, as the data can be extracted and manipulated. This is where APP comes in, The user is forced to enter the password on startup.
You have to realize that FlashFXP must be able to decrypt the password to send it to the ftp server. Any decryption algorithm we use within our software can easily be duplicated.
I was never contacted regarding this security issue. The scheme used for site passwords was never intended to resist an attack where the attacker reverse engineered our encryption algorithm.
|