First
QUOTE:
"It appears that HFS saves user password as clear text instead as a hash"
------------
see link for more info:
http://stackoverflow.com/questions/146146/is-my-form-password-being-passed-in-clear-text
That is default for all/any HTTP web server!... you must encode your own encryption/Login details!
I think you are misunderstanding. you link talk about the http request. I'm talking about the password saved on the server.
and its is definitely NOT normal procedure to save them as clear text. Its a huge data breach issues if you store passwords in clear text or encrypted mode. Its been proper way for security reasons to save them as a salted hash for a long time now.
Double chekc the "URL encoding" under HFS menu in expert mode
I'm not sure what you want me to check here. At first look see nothing that that does any of my suggestions
second, your talking about encoding web links, which is a great feature but not yet available for hfs... but there isa better solution/ handle on this... and controlled by FREE third part software...
I recommend stunnel and this version of HFS:
https://www.stunnel.org/downloads.html
http://www.rejetto.com/forum/hfs-~-http-file-server/for-testing-purpose-hfs-beta-279-including-ssl-tools/msg1059991/#msg1059991
I will look into this but it seems to be to just be a vpn tunnels and nothing to do with my sueestions.
It will help against third party snooping but if i undestand correctly it requires software as well on the clients.
The reason Im' using a http file server is to avoid the clients need for special software
Correct me if im wrong
@Rejetto
Sounds good.
i know i can change the name but the url and the apparent name in the html page is still going to be the same
so if the the foldername has to be something understandable so will the url.
If im missing somewhere to have the html link name be different from the actual url im sorry for not reading the documention propperly