Password in non-default keychain are copied to login keychain

[cyberduck]

anonymous created the issue

Passwords already registered in a keychain different from ~/Library/Keychains/login.keychain will be read and copied to ~/Library/Keychains/login.keychain (which defeats the whole point of storing them in a different keychain)

The code to read passwords in keychains different from ~/Library/Keychains/login.keychain was included 1ec8991 in 3.1, in order to fix issue #2001

I only checked this using FTP.

[cyberduck]

@dkocher commented

In 00e64f9.

[cyberduck]

anonymous commented

the issue still exists in 3.1.2. if you log into a ftp-account with password saved in a non-default keychain, login is ok. as soon as you download a file (with open new connection instead of use browser connection) cyberduck tries to save the password in the default keychain again.

[cyberduck]

@dkocher commented

#3057 closed as duplicate.

[cyberduck]

@dkocher commented

Milestone 3.2 deleted

[cyberduck]

76be774 commented

The bug is still there in v3.3 (5552). This one makes it impossible to store passwords securely. Added to unusable SFTP (#12134) make one wonder why Cyberduck has a serious lack of priority for security.

Are things like S3 or Rackspace support really more requested than solid SSH and Keychain support?

[cyberduck]

@dkocher commented

Replying to [comment:7 chocolate.camera@…]:

The bug is still there in v3.3 (5552). This one makes it impossible to store passwords securely.

In 7c19aa2.

[cyberduck]

@dkocher commented

#3336 closed as duplicate.