Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
Secure one way encrypted password storage (no mail_auth_view for gdpr, pci-dss, nis2)
Mail passwords are encrypted but not hashed.
Clear text passwords are available using the utility
/usr/local/psa/admin/bin/mail_auth_view
This is just symmetric everyone not the good practice. See OWASP:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
It does not meet many regulations (often referring to good practices or OWASP) and it's an unnecessary security risk of password exposure.
Please add an option to have mail user passwords hashed one way.
Thanks.
1 vote

Thank you for your input. We are already working on storing only password hashes, rather than actual passwords. I cannot provide any ETA at this moment.
-- SH