Prevent decryption of passwords for customers/mail users/...
At the moment, user/customer/... passwords are stored in the database in a way that they can still be decryted using the server's private key (see for instance http://serverfault.com/questions/425116/possible-to-get-cleartext-password). This is for instance used by the program mailauthview. Thus, once somebody knows the key and has access to the database, (s)he can decrypt all passwords.
I would like to prevent the ability of decrypting passwords at all. Since many people use the same passwords across different accounts, I'd like to prevent the risk that user passwords unintentionally could get revealed if somebody gets access to the server.
Anonymous
shared this idea
Thank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG
-
Laurent Chouraki
commented
Please think again. It's becoming mandatory in europe.
-
Thank for raising it. We have merged that other request in here for easy of tracking.
-
Anonymous
commented
This is a duplicate request. See https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/7247271-prevent-decryption-of-passwords-for-customers-mail
-
Anonymous
commented
I fully agree - All passwords should be stored using one-way cryptographic hash functions that cannot be decrypted.
Btw: This is the same feature request as https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/10547529-storing-all-passwords-in-psa-database-in-undecrypt
-
Anonymous
commented
storing all passwords in psa database in undecryptable one-way hash after recent 000Webhost hack
