
How do I encrypt account passwords?


OmaB

Guest
Hello,

How can I encrypt account passwords for security reasons?
All passwords stored in psa.accounts are clear-text ... (type=plain)

In order to comply with our security policy, encrypting passwords is a must.
I'm new to Plesk and haven't found the magic switch yet...

Thanks,
Oma
 
There is no way... Plesk needs these passwords to write several config files and so on.
 
Hello,

Thanks for your reply.

> There is no way... Plesk needs these passwords to write several config files and so on.

That's bad. Still, the database schema suggests that storing hashes is possible:

CREATE TABLE `accounts` (
`id` int(10) unsigned NOT NULL auto_increment,
`type` varchar(32) character set ascii NOT NULL default 'plain',
`password` text character set ascii collate ascii_bin,
PRIMARY KEY (`id`)
)

Is it possible to enable encrypted passwords if I relinquish some services / panel options?

Thanks,
Oma
 
Mail passwords can be stored encrypted. Run:

/usr/local/psa/bin/mail --help

and check out the details on the -passwd_type option
 
I found this thread but still couldn't figure out how exactly to encrypt the password.
I found out that the syntax must be something like this:

env PSA_CRYPTED_PASSWORD="<SomePassword>" /opt/psa/bin/mail -u <SomeEmailAddress@SomeHost> -password-type encrypted

So far so good. But how can I determine the string for PSA_CRYPTED_PASSWORD? What encoding of the string does Plesk accept or need? I searched with Google for quite some while now and found... nothing, sadly.

I found then: http://forum.parallels.com/showpost.php?p=451985&postcount=2
That led me to: echo "PlainTestPassword" | base64
However, I don't think that's it, because the result is way too short and still not really encrypted. Probably something like md5?

Does anyone know how to do it for sure? It's a pity that there's no option in Plesk to at least force the saving of only encrypted passwords in the database. I thought that's nowadays a common safety understanding (never ever save passwords in plain text)!
 
I would also think that when you specify "-passwd_type encrypted" the password would get encrypted automatically, but this is not the case. Couldn't get it to work either.

Also, Plesk 10 is not compatible with encrypted passwords: http://kb.parallels.com/en/112508


@Parallels: Please fix this! According to my findings, this problem has existed for a long time, and unencrypted (and unsalted) passwords really shouldn't exist anymore in 2012.
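
Added illustration, not part of any post above and not Plesk code: the thread weighs base64 and MD5 as candidate formats and objects to unsalted storage, so this sketch contrasts those two with a salted, slow hash. It does not show the format PSA_CRYPTED_PASSWORD expects, which the thread does not establish; the PBKDF2 record layout and the iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import os

PASSWORD = "PlainTestPassword"  # sample value quoted in the thread
ITERATIONS = 600_000            # assumed work factor, tune to your hardware


def b64_store(password):
    """Mimic `echo "<password>" | base64`; echo appends a newline."""
    return base64.b64encode((password + "\n").encode()).decode()


def b64_recover(stored):
    """Encoding only: whoever reads the stored value gets the password back."""
    return base64.b64decode(stored).decode().rstrip("\n")


def md5_unsalted(password):
    """Unsalted digest: equal passwords always yield equal digests."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_store(password, salt=None):
    """Salted, slow hash stored as 'iterations$salt_hex$digest_hex' (assumed layout)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    iters, salt_hex, digest_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), digest_hex)


if __name__ == "__main__":
    enc = b64_store(PASSWORD)
    print("base64:", enc, "->", b64_recover(enc))
    print("md5   :", md5_unsalted(PASSWORD), "(identical for every account)")
    a, b = pbkdf2_store(PASSWORD), pbkdf2_store(PASSWORD)
    print("pbkdf2: records differ:", a != b, "| verifies:", pbkdf2_verify(PASSWORD, a))
```
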
 