- Australia
- Envato Developer
- Envato Staff
- Has been a member for 2-3 years
If a third party decided to be malicious they could upload and delete files in your ftp directory, but not download. API keys also grant access to your personal account info, balance, sales data, statement etc – so you should be careful to only give them to trusted third parties.
The change we’re making on FTP is to reduce the current functionality of password or API key to API key only. We have updated our FTP software to show a more helpful error message on failed login.
- Bought between 1 and 9 items
- Exclusive Author
- Has been a member for 1-2 years
- Sold between 100 and 1 000 dollars
- United States
stevehodgkiss said
API keys also grant access to your personal account info, balance, sales data, statement etc – so you should be careful to only give them to trusted third parties.
So are API’s less secure than using a password if they grant access to all this information?
- Sold between 50 000 and 100 000 dollars
- Repeatedly Helped protect Envato Marketplaces against copyright violations
- Microlancer Beta Tester
- Exclusive Author
- Has been a member for 3-4 years
- Europe
- Referred between 10 and 49 users
- Bought between 50 and 99 items
Even if API key is a bit more esily acquirable by someone with dark intetntions, the FTP is just used for uploading, there is not too much harm that could be done. But the FTP could be hammered by password brute force attacks or other things, it’s best to only use our passwords for logging in the marketplaces (wish there was ssl).
- Bought between 1 and 9 items
- Exclusive Author
- Has been a member for 2-3 years
- Indonesia
- Most Wanted Bounty Winner
- Referred between 10 and 49 users
- Sold between 10 000 and 50 000 dollars
Hope this changes will bring role-life better for Envato and Marketplace network. Thanks for the info.
