Anonymous

My feedback

  1. 309 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      35 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

      We have serious doubts this function can really increase server security:
      1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
      2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

      As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

      As for concerns that default password requirement is set in “weak”, that fail2ban module is not…

      Anonymous supported this idea  · 
      Anonymous commented  · 

      I somewhat disagree with the official Plesk opinion. I agree that a strong password is a must. However, to log in, an attacker needs to know both - user name and password. If the user name is already known (and maybe the password is reused somewhere else), it is much easier to log in...
      Thus, please make sure to implement this feature.
      In addition, disabling a login with the Unix root credentials should be standard as well (can only be disabled via panel.ini).

    • 700 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        34 comments  ·  Feature Suggestions » Backup / Restore  ·  Flag idea as inappropriate…  ·  Admin →

        Hi all, Thanks for your input, really appreciate this! As you know, in Plesk Onyx 17.8 we made a significant improvement that allows you to use several cloud storages or even SFTP for remote backups. In Plesk Onyx 17.9 we will continue to improve Plesk Backup Manager in general and Flexible Backup Scheduler Manager in particular.

        Based on the initial description and comments I can highlight 3 scenarios in the scope of this request:

        #1. Keep Daily & Weekly & Monthly backups at the same time: (Example: 2 weeks of daily backups + weekly backups by each Monday)

        #2. Backup to different storages (like daily to FTP and monthly to Google Drive)

        #3. Multiple Storages of the same type (like 2 different FTP servers)

        ID in our Issue Tracker: PPM-1701
        -DL

        Anonymous supported this idea  · 
      • 852 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          open discussion  ·  145 comments  ·  Feature Suggestions » Mail  ·  Flag idea as inappropriate…  ·  Admin →
          Anonymous supported this idea  · 
        • 7 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            4 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →
            Anonymous commented  · 

            I fully agree - All passwords should be stored using one-way cryptographic hash functions that cannot be decrypted.

            Btw: This is the same feature request as https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/10547529-storing-all-passwords-in-psa-database-in-undecrypt

            Anonymous supported this idea  · 

          Feedback and Knowledge Base