Hi, when I looked manually into my ispconfig database I spotted that there are quiet a lot DB users with cleartext passwords. I simply don't want this (of course). table: web_database_user thx
This has been changed in current ispconfig versions. Create a new db user after you updated to a current versiona and you will see that.
till I'm talking about existing users. They have cleartext passwords stored in the DB. That's unacceptable. There are quite a lot users in there, so recreating the user is not an option. Which hashing algorithm has been used? With or without salt? Which encoding? If you tell me I will write a script on my own. Thank you
The mysql passwords in older versions were stored in cleartext. This had been changed to hashed passwords since 3.0.4.x versions of ispconfig if I reember correctly. Some mysql user editing commands required a cleartext password, so we had to keep the password in clertext. In 3.0.4 we found a way to work around the mysql commands and were able to switch to encoded passwords for new and updated mysql users.
