
How do I encrypt account passwords?

OmaB

Hello,

how can I encrypt account passwords for security reasons?
All passwords stored in psa.accounts are clear-text ... (type=plain)

In order to comply with our security policy encrypting passwords is a must.
I'm new to Plesk and haven't found the magic switch yet...

Thanks,
Oma
 
There is no way... Plesk needs these passwords to write several config files and so on.
 
Hello,

thanks for your reply
> There is no way... Plesk needs these passwords to write several config files and so on.

that's bad - still, the database schema suggests that storing hashes is possible:

CREATE TABLE `accounts` (
`id` int(10) unsigned NOT NULL auto_increment,
`type` varchar(32) character set ascii NOT NULL default 'plain',
`password` text character set ascii collate ascii_bin,
PRIMARY KEY (`id`)
);

Is it possible to enable encrypted passwords if I relinquish some services / panel options?

Thanks,
Oma
 
Mail passwords can be stored encrypted, run:

/usr/local/psa/bin/mail --help

and check out the details on the -passwd_type option
 
I found this thread but still couldn't figure out how exactly to encrypt the password.
I found out that the syntax must be something like this:

env PSA_CRYPTED_PASSWORD="<SomePassword>" /opt/psa/bin/mail -u <SomeEmailAddress@SomeHost> -password-type encrypted

So far so good. But how can I determine the string for PSA_CRYPTED_PASSWORD? What encoding of the string does Plesk accept or need? I searched with Google for quite some while now and found... nothing, sadly.

I found then: http://forum.parallels.com/showpost.php?p=451985&postcount=2
That led me to: echo "PlainTestPassword" | base64
However I don't think that's it because the result is way too short and still not really encrypted. Probably something like md5?

Does anyone know how to do it for sure? It's a pity that there's no option in Plesk to at least force the saving of only encrypted passwords in the database. I thought that's nowadays a common safety understanding (never ever save passwords in plain text)!
 
I would also think that when you specify "-passwd_type encrypted" the password would get encrypted automatically, but this is not the case. Couldn't get it to work either.

Also, Plesk 10 is not compatible with encrypted passwords: http://kb.parallels.com/en/112508


@Parallels: Please fix this! According to my findings, this problem has existed for a long time and unencrypted (and unsalted) passwords really shouldn't exist anymore in 2012.
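An added illustration, not part of the thread and not Plesk code: a small audit over rows shaped like the `accounts` table quoted above. It flags stored values that anyone with read access to the table can recover, including the base64 output tried in the thread, which is an encoding and not a hash. The sample rows, the `crypt` type label and the `$6$` value are constructed assumptions; the base64 check is a heuristic.

```python
import base64
import binascii
import re

# Modular crypt format, e.g. $1$ (MD5-crypt), $5$/$6$ (SHA-crypt), $2y$ (bcrypt).
MCF = re.compile(r"^\$(1|5|6|2[aby])\$[./A-Za-z0-9$=,]+$")

def decodes_as_base64(value):
    """Return the decoded text if value is base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    raw = raw.rstrip(b"\n")  # `echo ... | base64` encodes a trailing newline
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None

def classify(row_type, password):
    """Heuristic: is the stored value recoverable by anyone who can read the table?"""
    password = password or ""
    if row_type == "plain":
        return "recoverable: plain text"
    if MCF.match(password):
        return "hashed"
    if decodes_as_base64(password) is not None:
        return "recoverable: base64-encoded"
    return "unknown"

def audit(rows):
    """rows: iterable of (id, type, password) tuples exported from the accounts table."""
    return {row_id: classify(row_type, pw) for row_id, row_type, pw in rows}

# Constructed sample rows; "crypt" is a hypothetical type label and the
# $6$ value is a placeholder with the right shape, not a real hash.
SAMPLE_ROWS = [
    (1, "plain", "PlainTestPassword"),
    (2, "crypt", base64.b64encode(b"PlainTestPassword\n").decode("ascii")),
    (3, "crypt", "$6$constructedsalt$" + "A" * 86),
]

if __name__ == "__main__":
    for row_id, verdict in audit(SAMPLE_ROWS).items():
        print(row_id, verdict)
```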
 