Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th October 2012, 12:19
Dehumanizer Dehumanizer is offline
Junior Member
 
Join Date: Oct 2012
Posts: 16
Thanks: 1
Thanked 2 Times in 1 Post
Unhappy .htpasswd permissions

Hello,

I've just started playing with ISPConfig yesterday and I found one thing that I was truly shocked about, when I create a protected folder under some website, the resulting .htpasswd file is WORLD READABLE!! What the heck is that? Am I missing something? That's like putting a door key under the floor mat. Is there any way how to easily fix this "feature"? I can set permissions manually of course, but I am using the panel to do all the dirty work for me...
I was quite enthusiastic about ISPConfig, but now I'm really having doubts about the security of the whole thing when I see thing like having a password file world readable...
Reply With Quote
Sponsored Links
  #2  
Old 19th October 2012, 12:45
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,794
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
Default

This has been changed in svn stable branch.

Quote:
Am I missing something? That's like putting a door key under the floor mat.
Thats not the case as the passwords are not stored in cleartext, the passwords are stored as hash with salt, so you cant decrypt them in a reasonable amount of time even if you use rainbow tables etc.

If you don believe me, then tell me the cleartext of this password: $1$CtoFNwP5$y/b.nF3naIKfam9jQE.Jx0
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 19th October 2012, 12:57
Dehumanizer Dehumanizer is offline
Junior Member
 
Join Date: Oct 2012
Posts: 16
Thanks: 1
Thanked 2 Times in 1 Post
Thumbs up

Ok, but still it's not nice.
However good to hear that it's been taken care of.
Other than that I really like the panel so far... I needed something simple yet powerful enough and ISPConfig looks it exactly fits my needs.
Reply With Quote
  #4  
Old 19th October 2012, 14:55
Dehumanizer Dehumanizer is offline
Junior Member
 
Join Date: Oct 2012
Posts: 16
Thanks: 1
Thanked 2 Times in 1 Post
Question

Well, I have upgraded to the SVN version to test it and I'm still having the same problem. What am I doing wrong?
Reply With Quote
  #5  
Old 19th October 2012, 15:57
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,794
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
Default

Most likely you used the wrong svn branch, the work for the next release (3.0.5) is done in this branch and not in trunk:

svn://svn.ispconfig.org/ispconfig3/branches/ispconfig-3.0.5
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
Dehumanizer (19th October 2012)
  #6  
Old 19th October 2012, 15:58
Dehumanizer Dehumanizer is offline
Junior Member
 
Join Date: Oct 2012
Posts: 16
Thanks: 1
Thanked 2 Times in 1 Post
 
Default

I see, thank you.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Joomla permissions in CentOS/ISPConfig 3 setup willko Tips/Tricks/Mods 3 17th November 2010 12:13
/etc/ permissions CarbonCopy Server Operation 3 29th April 2010 22:58
File Permissions 40esp General 2 22nd June 2009 22:15
suPHP, Joomla! 1.5, file & diretory permissions pjdevries Installation/Configuration 17 19th June 2008 03:58
Logcheck Permissions Problems Drek Server Operation 1 7th September 2007 16:43


All times are GMT +2. The time now is 15:23.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.