• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Encrypt Email passwords even for root

TorbHo

Basic Pleskian
Is it somehow possible to encrypt email passwords, so that even an user with root access cannot access them.
At the moment root-users can see them with
Code:
/usr/local/psa/admin/sbin/mail_auth_view

If it is not possible, can we make it somehow harder to view the passwords?

Our intention is to give our customers a better feeling of security, as some of them still use the same password for different platforms.
 
Hi TorbenH,

as far that I know, this feature is hardcoded in encrypted Plesk files, so you won't be able to change that.
 
You should better ensure that no other root access is obtained. Linux automatically assumes that the user root knows exactly what it is doing and with this user it does not require any restrictions. Root remains root. This is not Windows!
 
You should better ensure that no other root access is obtained. Linux automatically assumes that the user root knows exactly what it is doing and with this user it does not require any restrictions. Root remains root. This is not Windows!
That is not the point. We and our customers don't like the idea that anyone, no matter if user, admin or root could see passwords in plain text.

Any password should be saved in database encrypted and irretrievably.
 
That is not the point. We and our customers don't like the idea that anyone, no matter if user, admin or root could see passwords in plain text. Any password should be saved in database encrypted and irretrievably.

Any password that can be used must be decryptable by the service that is using it. I'm not aware of anything that will allow you to have "irretrievably encrypted" passwords that still work.
 
Any password that can be used must be decryptable by the service that is using it. I'm not aware of anything that will allow you to have "irretrievably encrypted" passwords that still work.

Well, G J Piper, I have to disagree. What we are looking for are (one-way) cryptographic hash functions (e.g., Cryptographic hash function - Wikipedia, Password Storage Cheat Sheet - OWASP).
The idea is quite simple: When you store the password for the first time, you generate some form of hash which you store instead of the password. Now if the user wants to login, the system takes the entered password and applies the same hash function to this plaintext passwords. If the two hashes match, the password is correct.

Why would you want to use hashes instead of symmetrially encrypted passwords (that you can decrypt if you know the key)?
Well, the answer is quite simple: Many people use the same account details (e.g., e-mail address as user name, and the same password) for many other systems. Thus, if your Plesk server gets compromised, you risk that the attacker might try to use these credentials somewhere else. And if you are the administrator, you probably want to have a system where this just cannot happen...
This has been documented for many cases, e.g., symmetric key encryption vs hashing,
 
Last edited:
Back
Top