Session security depends on several factors, including whether the connection you are using to the host is a trusted connection. If it is not, consider whether private or confidential information will be sent and received. FTP and HTTP sessions will transmit user ID, password, and other sensitive or private information in an easily readable format.
For maximum security, it is recommended that passwords and passphrases NEVER be saved. The ability to save passwords and passphrases is functionality provided as a convenience. If a user chooses (and is allowed) to make use of this convenience, saved passwords are encrypted and written to disk as part of the session configuration.
Command-line options for specifying passwords and passphrases are also provided as a convenience. However, command-line options are not protected against unauthorized visibility. It is recommended these command-line options (/PASSWORD, /PASSPHRASE, etc.) not be used in environments where security is important.
In addition, we recommend individuals NOT include passwords and passphrases within scripts since script code is not encrypted.
System administrators who wish to disable this convenient functionality in favor of increased security can request additional information for achieving this goal through Windows Administrative Template mechanism.
Maximum security and privacy on the Internet and local networks requires the use of SFTP, SCP, FTPS, or HTTPS.
Note that although SecureFX does support the FTP and HTTP protocols, SecureFX FTP and HTTP sessions are not encrypted. Encrypted connections are achieved through the SFTP, SCP, FTPS, and HTTPS protocols.