HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   cleartext db passwords -> hashed (http://www.howtoforge.com/forums/showthread.php?t=61585)

pbrille 24th April 2013 06:29

cleartext db passwords -> hashed
 
Hi,

when I looked manually into my ispconfig database I spotted that there are quiet a lot DB users with cleartext passwords. I simply don't want this (of course).
table:
web_database_user

thx

till 24th April 2013 11:36

This has been changed in current ispconfig versions. Create a new db user after you updated to a current versiona and you will see that.

pbrille 26th April 2013 13:30

till

I'm talking about existing users. They have cleartext passwords stored in the DB. That's unacceptable.
There are quite a lot users in there, so recreating the user is not an option.
Which hashing algorithm has been used? With or without salt? Which encoding? If you tell me I will write a script on my own.

Thank you

till 26th April 2013 14:07

The passwords of mysql users are encrypted with the mysql password() command.

Ben 26th April 2013 14:15

Quote:

Originally Posted by till (Post 296364)
The passwords of mysql users are encrypted with the mysql password() command.

I can just confirm that for all my entries in that table.

till 26th April 2013 14:32

The mysql passwords in older versions were stored in cleartext. This had been changed to hashed passwords since 3.0.4.x versions of ispconfig if I reember correctly. Some mysql user editing commands required a cleartext password, so we had to keep the password in clertext. In 3.0.4 we found a way to work around the mysql commands and were able to switch to encoded passwords for new and updated mysql users.


All times are GMT +2. The time now is 09:30.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.