In order to be able to log in on your ftp server, web2ftp must know your ftp password. This password is transferred from your Browser to web2ftp and from there to your ftp server. A crypted transmission of your server data to web2ftp (as naturally also the server messages back to you) is possible with the SSL Login. The risk of the transmission path from web2ftp to your server exists also with a ftp program and is thereby no characteristic of web2ftp..

Since for technical reasons with each ftp command your ftp password is needed, web2ftp stores your password for the duration of the session locally. This has the advantage that your password does not need to be sent continuously between your Browser and web2ftp. The password is stored naturally in an inaccessible file, without any connection to your user name. Additionally the password is crypted by DES with a public and private key. If a foreigner gets access to this file (what is nearly impossible) and decodes the password, your password is nevertheless worthless for him. The connection between password and user name is made by a session ID, which is put in hidden HTML fields together with the server data. The stored password can be only used, if both the randomly produced session ID and the user name are known. This information is only known by you!

The password file is deleted together with the session ID when pressing the Logout Button. This guarantees that in Browser or Proxy Caches existing copies of the HTML pages cannot be used any longer. If you forget to logout your password file is deleted automatically after 60 minutes without use! Files downloaded by the ftp server are transferred automatically by web2ftp to your computer. Only you have access to these files as there is an htaccess file that limits the access to your IP number. If another internet user should know the name and the directory of the downloaded file (which actually is already most improbable), due to the IP examination a download attempt would be rejected concerning this file on the server.

Of course we do not store any personal data. Activity-related data is stored only for statistics purposes and deleted after the regular evaluation. Of course we will keep all this data secret. Again it is pointed out that all passwords are deleted after the use! With web2ftp it is neither necessary nor possible to register and store personal data. Therefore an abuse of such data is generally impossible! If you should have further questions or doubts concerning the security of your data, please mail to info@web2ftp.com.

.