Exception: Password property is not set

Question

Hi,

I'm using SecureFtpConnection to establish an sftp connection.
I need to supply only the userid and private key file in order to log on, but am getting:
"System.InvalidOperationException: Password property is not set"

If I explicitly set the password to String.Empty then I can log on successfully, but it strikes me that I shouldn't have to do that - merely not supplying a password should be enough shouldn't it?

thanks

Answer 1

You need the password set to the password of the private key file.

Answer 2

Hi,

I have no control over the private key, so I guess the password is blank.
Explicitly setting it to String.Empty works fine.
I just don't think I should have to do that - if no password is supplied then I think it should try to connect without a password.
empty string and null tend to be considered the same thing IME

thanks

Answer 3

I see what you mean, however it isn't that usual for a private key password to be blank - it isn't recommended as anyone can then just copy the key to impersonate you.

I suppose we could set it to blank by default, but then all the users who forget to enter their password will get a wrong password error or something like that instead of a more sensible one telling them to set it.

So on the balance of things, we're not convinced in this situation :wink:

Answer 4

anyone can then just copy the key to impersonate you.

They would have to get hold of the private key file first though...

It just doesn't right to have to set the password to nothing when it IS nothing.
If a password is required and not supplied then it is correct to say a wrong password (or empty) was supplied.
I just haven't encountered this at least in the .NET world before - usually blank properties are not required to be explicitly set as blank.

Answer 5

Here the password isn't nothing - it's the empty string. Although I can see that this might be splitting hairs a little ...

In the end I'm not that keen on using a default password (in this case the empty string). I'd rather just throw an exception saying the password hasn't been set, and get everyone to explicitly set their password even if it is the empty string. Otherwise we can never tell if someone has set the password or not.

But I can understand why you mightn't agree. I will ask the opinion of my .NET guru colleague. If he agrees with you, we'll change it.

Answer 6

Thanks Bruce - I can ask no more than that you would consider it.

Both are valid arguments - I agree that having a blank password is a naff idea, but I also agree (with myself) that if something isn't needed then I shouldn't really have to set it to nothing/empty as that would be the "default" state of it.