1. Introducing Channels - a new way to chat with other Android users!
    Dismiss Notice

Connectbot safe for high level remote admin tasks


Last Updated:

  1. Lotarogg

    Lotarogg New Member This Topic's Starter

    Joined:
    Oct 8, 2010
    Messages:
    2
    Likes Received:
    0
    ok, be gentle with me I'm not a developer but a network engineer wanting to use Connectbot on my HTC Desire to remote admin some of our servers. I'm concerned about other apps on the device capturing root passwords - is this possible, can I look at the apps installed to determine whether or not they can do this, is this the right place for this question?

    Cheers
     

    Advertisement
  2. fangorious

    fangorious Guest

    From 'Settings -> Applications -> Show Permissions' you can see what applications have access to various parts of the OS. Although I think you would need to focus your concern more towards ConnectBot itself harvesting passwords rather than other apps harvesting them from ConnectBot. I don't recall hearing anything about ConnectBot in the recent discussions of the article from group that made the TaintDroid security analysis tool.
     
    Lotarogg likes this.
  3. kruton

    kruton New Member

    Joined:
    Oct 9, 2010
    Messages:
    1
    Likes Received:
    1
    ConnectBot doesn't harvest passwords. (Full disclosure: I wrote ConnectBot) However, you don't have to trust me since you can read the source code at connectbot - Project Hosting on Google Code and build your own copy if you're really paranoid.

    If you're worried about key loggers, make sure you trust your IME. That's the only thing that could log your key input barring any ridiculous mistakes like some IME logging all key input to logcat or dmesg.
     
    Lotarogg likes this.
  4. Lotarogg

    Lotarogg New Member This Topic's Starter

    Joined:
    Oct 8, 2010
    Messages:
    2
    Likes Received:
    0
    I've gone through the apps and none say that they read and disseminate your passwords, so that's good :) From what you're both telling me only the IME itself and ConnectBot could log/steal the passwords in this instance so I'm feeling far more comfortable about using it.

    Thanks
     

Share This Page

Loading...