Suggestion: Each time sys-ftpd is enabled, set a nonce as default password

Question

Suggestion: Each time sys-ftpd is enabled, set a nonce as default password

fullmetal1 opened this issue 4 years ago · 2 comments

Some of the people in the switch lan play servers have been getting hacked and having their SD card data deleted, or other files added to their SD cards because their ftpd was enabled while they were using lan play.

A nonce password accessible through the switch GUI (possibly an overlay) would fix the problem, without requiring additional user setup. (the homebrew app store routinely deletes custom config files as well, requiring passwords be reset every update).

Answer 1 · 2020-07-18T13:01:41.000Z

I'm not sure what the optimal solution to this problem would be. Nonce password requires that a GUI app is developed, and is also cumbersome. I'd like to implement Defender0fHyrule's idea from #13, where anonymous connection is disabled by default, and the sysmodule will reject all connection unless both login and password are set. Would you be okay with that?

Answer 2 · 2020-07-22T22:41:09.000Z

Both solutions are nearly equally as secure for the end user. Mine is (imo) a bit more elegant (and the rotating password is technically more secure), but if it's too much work for the minor gains, something like what DefenderOfHyrule suggested is a perfectly functional solution.