Facebook
Twitter
H
HarrySTrueman
Guest
Hi there,
i am using Plesk 10.4.4 on Debian 6 (Squeeze).
When i do a server configuration backup inside of plesk, a tar file will be created.
Inside of the archive there are some xml files.
The problem is, that every password is stored as plain text!!!
I mean every password including the plesk, mail and ftp/ssh!
Is there any way to get plesk using decrypted passwords for these files?
Because the passwords are stored as plain text in the xml files i am quite sure,
that they are stored as plain text passwords somewhere probably in the db.
I have two issues here:
1) DB
If someone gets access, due to bugs in the software or some other hack, the
attacker will get all passwords for all accounts configured in Plesk!
2) XML-Backup-File on ftp server
I would like to configure plesk to store the backup files on a ftp repository.
The ftp server is not under my control and i do not know how often the server
will be patched. I do not want to save files which contains all password from
our server in plain text on such servers!
Is there a way to encrypt all passwords using Plesk?
Thanks,
Harry
i am using Plesk 10.4.4 on Debian 6 (Squeeze).
When i do a server configuration backup inside of plesk, a tar file will be created.
Inside of the archive there are some xml files.
The problem is, that every password is stored as plain text!!!
I mean every password including the plesk, mail and ftp/ssh!
Is there any way to get plesk using decrypted passwords for these files?
Because the passwords are stored as plain text in the xml files i am quite sure,
that they are stored as plain text passwords somewhere probably in the db.
I have two issues here:
1) DB
If someone gets access, due to bugs in the software or some other hack, the
attacker will get all passwords for all accounts configured in Plesk!
2) XML-Backup-File on ftp server
I would like to configure plesk to store the backup files on a ftp repository.
The ftp server is not under my control and i do not know how often the server
will be patched. I do not want to save files which contains all password from
our server in plain text on such servers!
Is there a way to encrypt all passwords using Plesk?
Thanks,
Harry
