
Question: Why in Plesk Firehose are AWS keys public?

saadifastian

New Pleskian
Server operating system version
Cloud Linux
Plesk version and microupdate number
Plesk Onyx Version 17.8.11

{
  "stream": "plesk-17.0-ux",
  "region": "us-west-2",
  "accessKeyId": "BajksdjasdiuahoOHUEUNN",
  "secretAccessKey": "p+asd;kmIOJIdmdm435;mdaisd49dkmpamd",
  "endpoint": "firehose.us-west-2.amazonaws.com",
  "httpOptions": {
    "connectTimeout": 1000,
    "timeout": 1000
  }
}
 
There has been an internal discussion in the past about this topic. Plesk is aware of it, but the specific usage case of these visible keys is no security threat. If you would like to discuss your concerns in detail, please open a ticket with Plesk support specifically for your case.
 
Hi, but WHY are there credentials to AWS? Some 'security researchers' sent us a report that we expose this kind of information. So by default we don't want this information in there.
So in short:
- Is there documentation on why this AWS connection is needed (or can we block this server from going to AWS in the firewall)?
- If needed, can it be placed outside the login.php to avoid reports from 'security researchers/bounty hunters'?
 
One follow-up to the above:
We mitigated the 'security researchers/others' by denying access via Customizing Plesk URL
and changed the setting to "No custom URLs. Only https://<server-IP-or-hostname>:8443", and give customers VPN.
 