If a third party decided to be malicious they could upload and delete files in your ftp directory, but not download. API keys also grant access to your personal account info, balance, sales data, statement etc – so you should be careful to only give them to trusted third parties.
The change we’re making on FTP is to reduce the current functionality of password or API key to API key only. We have updated our FTP software to show a more helpful error message on failed login.
Even if API key is a bit more esily acquirable by someone with dark intetntions, the FTP is just used for uploading, there is not too much harm that could be done. But the FTP could be hammered by password brute force attacks or other things, it’s best to only use our passwords for logging in the marketplaces (wish there was ssl).
- Please read our community guidelines. Self promotion and discussion of piracy is not allowed.
- Open a support ticket if you would like specific help with your account, deposits or purchases.
- Item Support by authors is optional and may vary. Please see the Support tab on each item page.
Most of all, enjoy your time here. Thank you for being a valued Envato community member.