⚒️ Security Concerns

### Is there an existing issue for this?

- [x] I have searched the existing issues

### Proposal

*   Evaluate how host key/fingerprint checks are handled.

    *   In `SFTP.cs`, if `Fingerprint` is `null`, “`args.CanTrust = true`” simply accepts all remote host keys. This may be appropriate for development but is a security risk in production. A better approach is to fail if no fingerprint is given, or store known trusted hosts in a configuration.
*   Avoid storing secrets in plain text.

    *   The “`Client`” class holds username/password. For larger/production-grade scenarios, consider using a secret store, environment variables, or an external vault.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

⚒️ Security Concerns #38

Is there an existing issue for this?

Proposal

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

⚒️ Security Concerns #38

Description

Is there an existing issue for this?

Proposal

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions