I suggest you ...

Prevent decryption of passwords for customers/mail users/...

At the moment, user/customer/... passwords are stored in the database in a way that they can still be decryted using the server's private key (see for instance http://serverfault.com/questions/425116/possible-to-get-cleartext-password). This is for instance used by the program mail_auth_view. Thus, once somebody knows the key and has access to the database, (s)he can decrypt all passwords.

I would like to prevent the ability of decrypting passwords at all. Since many people use the same passwords across different accounts, I'd like to prevent the risk that user passwords unintentionally could get revealed if somebody gets access to the server.

7 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    4 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base