Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 28th March 2007, 14:44
vogelor vogelor is offline
ISPConfig Developer
 
Join Date: Jan 2007
Location: Wernau, Germany
Posts: 219
Thanks: 42
Thanked 34 Times in 24 Posts
Default Big Security Problem

Just want to tell.
some days ago some of the developer told me, that it is a big security-hole to store the password of the user in plaintext inside the DB.

i think, we have a other big security-problem.
if you send (or get) emails, the "normal" way is sending the data in plaintext. this means, if a user is the admin of the web and has a email-account, then he sends his passport every time he gets (or sends) emails.

means if anybody can scan the "email-protokol" he can read the pwd of the admin and so connect to the server and change the files at the server (for example a php-script to get the account-data of the database used).

it is NO problem for me to use SFTP because this is "FTP over SSH" and SSH has it's own fingerprint. but i can't generate a SSL-certificate for every customer i am hosting.

so isn't it better, to separate the FTP from the email-user?
__________________
Der neue Luxus heit Zeit, nicht Geld!

Firma : http://www.muv.com, http://www.computerandservice.de
Privat : http://www.vogelor.de
Reply With Quote
Sponsored Links
 

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sending e-mail using mail() function linuxuser1 HOWTO-Related Questions 38 21st April 2009 12:20
SE linux problem when security context is modified raj123 Technical 1 28th June 2006 08:57
ssh security problem... Jonathan Installation/Configuration 1 26th May 2006 01:59
problem with ssh security Jonathan Installation/Configuration 1 26th May 2006 01:52
Possible security problem bjmg General 2 15th March 2006 18:33


All times are GMT +2. The time now is 15:29.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.