Passwords saved as plain text

Bug #202114 reported by Pander
This bug affects 4 people
Affects             Status        Importance  Assigned to   Milestone
FileZilla           Unknown       Unknown
filezilla (Debian)  Fix Released  Unknown
filezilla (Ubuntu)  Fix Released  Wishlist    Adrien Cunin

Bug Description

Binary package hint: filezilla

Passwords saved as plain text in ~/.filezilla/sitemanager.xml for filezilla 3.0.0-0ubuntu1 on gutsy.

Password should be stored encrypted so that it is better protected from abuse.

Tags: precise
Kees Cook (kees) wrote :

The .filezilla directory itself is mode 700, so no one can read the plaintext passwords. That said, it would be a good idea for filezilla to use the Gnome Keyring instead of storing plain text passwords.

Changed in filezilla:
importance: Undecided → Wishlist
status: New → Confirmed
Tim Kosse (tim-kosse) wrote :

This is by design, it is the task of the operating system to protect the user's files. Please encrypt your home directory.

Pander (pander) wrote :

That is a bit of a simple security design decision IMHO. Sometimes other people have access to home dirs and backups, like sys admins, and a bit more encryption than plain text would be desirable. Hopefully the password would get some encryption.

Tim Kosse (tim-kosse) wrote :

And what prevents the sys admin from installing a program that intercepts your private data the next time you get it out of the keychain?

Point is: If you can't trust root, don't use the system.

Ludwig (lvb2k2) wrote :

Tim: I understand your point. I suggest two things though,

 1- support for obscuring the passwords, understanding all the limitations that this has. Even being trivial, it would require more than taking the disk out of the machine and using "vi" or "gedit" to look at the password, and that has some value, even if the real value is just improving the user perception of security. This is not a bad thing, as long as the documentation makes the limitations clear.

 2- Implement an optional "master password", like firefox. Then use it to encrypt the passwords and URLs in the sitemanager / settings file.

I'm all for option #2. It provides a reasonable level of security to millions of firefox users; I would see it helping filezilla users as well.

Changed in filezilla:
status: Unknown → New
Adrien Cunin (adri2000) wrote :

FileZilla 3.1.2 (now in intrepid) implements a "kiosk mode" in which FZ doesn't write any password to disk.

Grummfy (grummfy) wrote :

perhaps filezilla can use a keyring like gnome-keyring or some other thing ...

Patrick Brueckner (madmuffin) wrote :

FileZilla moved from SF Tracker to Trac

Changed in filezilla:
status: Unknown → New
Changed in filezilla:
status: New → Unknown
Changed in filezilla (Debian):
status: New → Confirmed
Tim Kosse (tim-kosse) wrote :

You can disable saving of passwords in the settings dialog of FileZilla.

Pander (pander)
tags: added: 12.10
Adrien Cunin (adri2000)
Changed in filezilla (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Adrien Cunin (adri2000)
Changed in filezilla (Debian):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package filezilla - 3.6.0.2-1ubuntu1

---------------
filezilla (3.6.0.2-1ubuntu1) raring; urgency=low

  * Merge from Debian experimental. Remaining Ubuntu change:
     - Added debian/patches/11_use-decimal-si-by-default.patch in order to
       comply with UnitsPolicy

filezilla (3.6.0.2-1) experimental; urgency=low

  * Upload to experimental due to freeze
  * New upstream release (LP: #1085474)
     - User is now asked whether passwords should be saved
       (Closes: #490891, LP: #202114)
  * Dropped debian/patches/02_fix-ftbfs.patch, applied upstream
  * Dropped debian/filezilla.svg, it's now upstream as well
  * Updated Standards-Version to 3.9.4, no change needed
  * Switch to dh 9, in order to use dpkg-buildflags
 -- Adrien Cunin <email address hidden> Fri, 07 Dec 2012 17:17:17 +0100

Changed in filezilla (Ubuntu):
status: In Progress → Fix Released
Benjamin Lipp (blipp) wrote :

Since Filezilla won't get a feature like a master password or integration in keyrings, see http://trac.filezilla-project.org/ticket/1373 , I suggest using a password manager like KeepassX and disabling password saving in Filezilla. You can still save URLs and usernames in Filezilla but copy passwords from your password manager.
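
An added audit check, not FileZilla's own code, that tests the two points raised in this thread: whether any site entry in sitemanager.xml still carries a saved password, and whether the .filezilla directory is tighter than group/world access (mode 700). The `<Servers>/<Server>/<Pass>` layout is assumed from FileZilla 3, and the sample file below is constructed.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample in the layout FileZilla 3 uses for sitemanager.xml
# (assumed: <Servers>/<Server> entries carrying <Host>, <User>, <Pass>, <Name>).
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.test</Host>
      <User>alice</User>
      <Pass>plaintext-secret</Pass>
      <Name>Production upload</Name>
    </Server>
    <Server>
      <Host>sftp.example.test</Host>
      <User>bob</User>
      <Pass></Pass>
      <Name>Staging, password not saved</Name>
    </Server>
  </Servers>
</FileZilla3>
"""

def saved_password_sites(path):
    # Every <Server> whose <Pass> is non-empty has a credential sitting on disk.
    root = ET.parse(path).getroot()
    return [(s.findtext("Name", "?"), s.findtext("Host", "?"))
            for s in root.iter("Server") if s.findtext("Pass", "").strip()]

def dir_exposed_to_others(dirpath):
    # True when any group/other bit is set, i.e. the directory is not mode 0700.
    return bool(stat.S_IMODE(os.stat(dirpath).st_mode) & 0o077)

def audit(config_dir):
    # Combine both findings for one .filezilla directory.
    return {"saved_password_sites": saved_password_sites(
                os.path.join(config_dir, "sitemanager.xml")),
            "dir_exposed": dir_exposed_to_others(config_dir)}

def demo():
    # Build a throwaway .filezilla directory from the constructed sample and audit it.
    d = tempfile.mkdtemp(prefix="fz-audit-")
    os.chmod(d, 0o755)  # deliberately looser than the 0700 the directory normally has
    with open(os.path.join(d, "sitemanager.xml"), "w") as f:
        f.write(SAMPLE_SITEMANAGER)
    return audit(d)
```

Calling `audit(os.path.expanduser("~/.filezilla"))` runs the same check against a real profile; an empty site list plus `dir_exposed: False` is the state the later comments recommend.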

Pander (pander) wrote :

Too bad. This discourages me from using filezilla until this is supported.

Mathew Hodson (mhodson)
tags: added: precise
removed: 12.10