Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 15th January 2010, 15:11
gring gring is offline
Member
 
Join Date: Mar 2009
Posts: 46
Thanks: 2
Thanked 3 Times in 3 Posts
Default

I'm very aware of that, but this is for a small, particular server, where the users don't put their secure passwords and use these accounts only for particular purposes. It's not something I would do on a large server with a lot of people.

Anyway, for a big server, I would instead store the passwords with a reversible encryption (like many installations of vpopmail) with a key stored out of the database, or send the passwords to a write only and secured database before encrypting them.
So, it would still be good to know how to set the hash algorithm.
Reply With Quote
Sponsored Links
  #12  
Old 16th January 2010, 11:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,046
Thanks: 826
Thanked 5,389 Times in 4,234 Posts
 
Default

You will have to set the encryption in the form files to cleartext.

Quote:
Anyway, for a big server, I would instead store the passwords with a reversible encryption (like many installations of vpopmail) with a key stored out of the database, or send the passwords to a write only and secured database before encrypting them.
Thats not secure either, as a hacker can simply use the master password to decrypt the user passwords. Its a bit more save then then cleartexts but still nothing that should be used on a production system. Or you need a good insurance if your users will start to sue you and you should ask your insurance first if they would even pay when you use a reversible encryption
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
gring (18th January 2010)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Change Password Page Polk Feature Requests 1 23rd March 2009 15:56
Procedure: changing a mailuser password Hans General 14 22nd September 2008 17:21
How to change MySQL root password? wpwood3 Installation/Configuration 1 9th October 2007 02:55
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 22:40
How to prevent mailuser to change his password? rosa hsiao General 4 28th December 2005 03:53


All times are GMT +2. The time now is 06:43.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.