
How do I encrypt account passwords?

OmaB

Guest
Hello,

how can I encrypt account passwords for security reasons?
All passwords stored in psa.accounts are clear-text ... (type=plain)

In order to comply with our security policy encrypting passwords is a must.
I'm new to Plesk and haven't found the magic switch yet...

Thanks,
Oma
 
There is no way... Plesk needs these passwords to write several config files and so on.
 
Hello,

thanks for your reply
There is no way... Plesk needs these passwords to write several config files and so on.

that's bad - still, the database schema suggests that storing hashes is possible:

CREATE TABLE `accounts` (
`id` int(10) unsigned NOT NULL auto_increment,
`type` varchar(32) character set ascii NOT NULL default 'plain',
`password` text character set ascii collate ascii_bin,
PRIMARY KEY (`id`)
)

Is it possible to enable encrypted passwords if I relinquish some services / panel options?

Thanks,
Oma
 
mail passwords can be stored encrypted, run:

/usr/local/psa/bin/mail --help

and check out the details on the -passwd_type option
 
I found this thread but still couldn't figure out how exactly to encrypt the password.
I found out that the syntax must be something like this:

env PSA_CRYPTED_PASSWORD="<SomePassword>" /opt/psa/bin/mail -u <SomeEmailAddress@SomeHost> -password-type encrypted

So far so good. But how can I determine the string for PSA_CRYPTED_PASSWORD? What encoding of the string does Plesk accept or need? I searched with Google for quite some while now and found... nothing, sadly.

I found then: http://forum.parallels.com/showpost.php?p=451985&postcount=2
That led me to: echo "PlainTestPassword" | base64
However, I don't think that's it because the result is way too short and still not really encrypted. Probably something like md5?

Does anyone know how to do it for sure? It's a pity that there's no option in Plesk to at least force the saving of only encrypted passwords in the database. I thought that's nowadays a common safety understanding (never ever save passwords in plain text)!
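
An added example, not part of the original thread: the output of `echo "PlainTestPassword" | base64` decodes straight back to the password (plus the newline that echo appends), so an audit of the `password` column from the schema above should flag it exactly like plaintext. The sample rows, the non-`plain` type value and the crypt(3)-style string are constructed placeholders, and nothing here says what Plesk accepts for PSA_CRYPTED_PASSWORD.

```python
import base64
import binascii
import re

# crypt(3) modular format: $id$salt$hash (heuristic; ignores variants such as rounds=...)
CRYPT_RE = re.compile(r"^\$[0-9a-z]+\$[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]+$")

def decode_if_base64(value):
    """Return the decoded text if value is strict base64 of printable ASCII, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, ValueError):  # bad alphabet, bad padding, or non-ASCII bytes
        return None
    if not text or not text.rstrip("\n").isprintable():
        return None
    return text

def classify(stored):
    """Classify one stored value by its content, not by its `type` label."""
    if CRYPT_RE.match(stored):
        return ("salted-hash", None)
    recovered = decode_if_base64(stored)
    if recovered is not None:
        return ("base64-encoded", recovered)  # reversible without any key
    return ("plaintext", stored)

def audit(rows):
    """Map id -> (type, kind, recovered) for rows whose password is readable as stored."""
    findings = {}
    for row_id, row_type, password in rows:
        kind, recovered = classify(password)
        if kind != "salted-hash":
            findings[row_id] = (row_type, kind, recovered)
    return findings

# Constructed sample data: what `echo "PlainTestPassword" | base64` produces,
# and a fake crypt-style string (not a real hash of anything).
ECHO_BASE64 = base64.b64encode(b"PlainTestPassword\n").decode("ascii")
FAKE_CRYPT = "$6$CONSTRUCTEDSALT$" + "A" * 86
SAMPLE_ROWS = [
    (1, "plain", "PlainTestPassword"),
    (2, "example-type", ECHO_BASE64),  # hypothetical type label
    (3, "example-type", FAKE_CRYPT),
]

if __name__ == "__main__":
    for row_id, finding in sorted(audit(SAMPLE_ROWS).items()):
        print(row_id, finding)
```
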
 
I would also think that when you specify "-passwd_type encrypted" the password would get encrypted automatically, but this is not the case. Couldn't get it to work either.

Also, Plesk 10 is not compatible with encrypted passwords: http://kb.parallels.com/en/112508


@Parallels: Please fix this! According to my findings, this problem has existed for a long time, and unencrypted (and unsalted) passwords really shouldn't exist anymore in 2012.
 