
Question mail_auth_view truncates output

burnley

Regular Pleskian
I suspect this is a bug, but it looks like mail_auth_view is now limited to 34 characters for the domain name or password. If either field is longer, it's chopped off with ...

tested on Plesk 18.0.72 Update 1
 
Thank you for the report, @burnley. I was able to replicate the behavior on a test server with Plesk 18.0.72 Update 1. I will further discuss the case with our team and follow up with more details.
 
@burnley, as mentioned by @AYamshanov, this was indeed intentionally done to address a formatting issue with the column width. Our team has now registered a new task (PPPM-15106) to make truncation optional. At this point, we cannot provide a workaround or an ETA on when the change will be introduced. You can monitor the change log here.
 
Hi @burnley,

It seems it was an intentional change. Could you please provide more details about the use case? Did you just notice this, or did it break any integrations?

@AYamshanov and @Sebahat.hadzhi

The intentional change is quite understandable - there is no reason to show the entire hash of a password, which hash is one of the things truncated.


However, it comes to mind that ..... if this change was intentional ....... why is the prefix $2y$12$ visible?

The whole purpose of hashing is increased security and even if all passwords are hashed, a hacker would think "given the prefix, it can be hacked!"

As a bit of food for thought : would it not be better to remove that prefix?

Sure, I am aware that a hacker able to run the mail_auth_view utility should also be able to change passwords .... but still, that prefix is counterintuitive.


More importantly, one could argue that there still is an issue that is not really a bug.

The table width cannot be adjusted, as far as I know.

It would be more practical to have some flexibility and to be able to set the table width.

This is not really related to password hashes, but related to a potential situation in which a long domain name has been used - that should be visible.


In short, could Plesk Team be so kind and think about flexibility with respect to output of mail_auth_view utility and security by obscuring specific data?

Thanks in advance!
 
$2y$12$ is the hashing algorithm used, in this case bcrypt.

It's the recommended method to store the algorithm together with the password this way, and I don't see why that would pose any security risk.
"Security by (pseudo) Obscurity" is not a thing! and not doing it this way would only really! hurt down the way in the future.

It also makes absolutely no sense to obscure any information within the mail_auth_view utility. (with truncating I have no problem as it helps with the visibility - at least if there is a switch I can use to see the full length when needed)
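
As an added illustration of the point about the `$2y$12$` prefix (this is not part of any post in the thread and not Plesk code): a bcrypt string in modular crypt format carries its variant, cost and salt in the clear because a verifier needs them, and a value cut short by display truncation no longer parses as a complete hash. The sample strings are constructed placeholders, and the shape of the truncated value (34 characters followed by `...`) is an assumption based on the first post.

```python
import re

# bcrypt modular crypt format: $<variant>$<cost>$<22-char salt><31-char digest>
# All fields are in the bcrypt base64 alphabet (./A-Za-z0-9); total length is 60.
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

# Constructed placeholder in the right shape; NOT a real password hash.
SAMPLE = "$2y$12$" + "N" * 21 + "u" + "x" * 31
# Assumed display form: first 34 characters, then "..." (constructed).
TRUNCATED = SAMPLE[:34] + "..."


def parse_bcrypt(value):
    """Return the public parameters of a complete bcrypt string, else None."""
    m = BCRYPT_RE.match(value)
    if m is None:
        return None
    variant, cost, salt, digest = m.groups()
    return {
        "variant": variant,            # e.g. 2y, identifies the bcrypt flavour
        "cost": int(cost),             # log2 of the key-expansion rounds
        "rounds": 2 ** int(cost),      # work factor a verifier must repeat
        "salt": salt,                  # 16 bytes, stored in the clear by design
        "digest_chars": len(digest),   # 31 chars encode the 23-byte digest
    }


def classify(value):
    """Tell a script whether a password field is usable as a hash."""
    if parse_bcrypt(value) is not None:
        return "bcrypt-complete"
    if value.startswith("$2") and value.endswith("..."):
        return "bcrypt-truncated"      # display artefact, not a usable hash
    return "other"


if __name__ == "__main__":
    print(classify(SAMPLE), parse_bcrypt(SAMPLE))
    print(classify(TRUNCATED), parse_bcrypt(TRUNCATED))
```

A script that consumes the utility's output can use a check like `classify` to fail loudly when it receives a truncated field instead of silently storing or comparing a partial value.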
 