i added a user and gave him a pwd. 5 days later he asked me, if i can give him the pwd again - he loosed it. but i can't, because i can't see the pwd inside ispconfig. it would be nice to see it.
Security policies should enforce no one can ever view a password. That's good. What may be a nice RFE, is an automated password recovery feature, but that requires the user also to have a mail address. Which is currently not required in ISPConfig. Maybe that's another RFE: require a valid email address for every user. It's so simple with gmail or hotmail to have a free account.....
this is not a problem, if there is only ONE user and only ONE Place, the pwd is needed. But think about this: There are TWO users who use the SAME FTP-Account to upload files (we need this, because there is only ONE admin-account with the right to upload files to the root). or think about there is ONE catchall-email-acount, the server of a company handles. if you now change the pwd you have to change the server-settings and to tell all the persons that you changed the pwd. or think about that there are 5 pcs connecting the same IMAP-account (for example the mail is [email protected] and we have 5 people doing the service here). if i change the pwd i have to change all the email-clients (some are at the office, some are at home). i think, now it is clear, why i CAN'T change the pwd ;-)
you can do this, if YOU change the pwd, but what about changings done by your customer or what about if you FORGET to change the pwd in your file (we are all humans ;-)
isn't this only "pseudo security"?. If you can change the pwd you can upload (or download) files to/from the server, you can read the mails, access the mysql database and so on - so what is the "extra" security if you can't see the pwd but change it?
IMHO this is bad security practice. Every user should have his/her own uid/password. There is no justification to share passwords between users. If that's now enforced by technical limitations, we should work to fix the technical issues, not weakening security.
if you think about USERS then you may be right. but if you "forget" the users and only think about the thinks you want to do, this is not a problem i thing. for example if you create a user ONLY to have a email account - what is the security problem. one user can read the email of the other, but this is what i want - i want 5 users to see the same email (like a call-center - the person who "has time" reads the emails and reacts on it) and what is the security risk if two users can upload/downlaod files with the SAME user-account. i don't see one. in a "normal pc" you are right. here at our office every user has his own account / pwd - shure. but at a internet-server IMHO you don't need users - you need a ftp account, you need a email-account and you need a database with a pwd but WHY users? schlund, 1und1, strato - non of them have users.
Additionally to martins comment: Many users are using the same password for different things. Thats why passwords shall be always stored as hashes so even the admin cant see or uncrypt them. Or think about what happens if your server gets hacked and the hacker gets all the clear text passwords. Its a big difference security wise if a password is stored as clear text or hash that can not be uncrypted! (Remark: I know that its possible to break simple passwords with wordbook attacks or too short passworts with brute force.)
They all ahve users. It might be virtual users but they are users as every login needs a user. Or can I download your mails from schlund because you dont have a username and password that protects them.
i know this and deep in my heard i know, you are right, but when the server is hacked the hacker can CHANGE ALL PWD to what he likes and so he can do the same stupid thinks he can do if he sees the pwd DIRECT at the screen. To change the pwd is only one little step more (and NO problem for the hacker) so this is IMHO not realy more secure - it is only for us to feel secure and to have a good feeling ;-)
You missed the point here: As I posted above, many users are using the same password for many things and if the password is stored in clear text, other servers and services can be hacked, e.g. ebay accounts, paypal accounts etc. But we can make it really short here, we will not add clear text passwords to ISPConfig in a official build if not the majority of developers give their vote for it and I'am pretty sure they will not vote for kicking security overboard.
yeah i know, technical they HAVE users (they need them - sure) - but for every thing you need there is one several user (technical you have one for the mail-account, one for the ftp account, one for the mysql and so on). so if two real persons share one "virtual user" (because they share the email-account) this is no problem, because this virtual user can do no more than getting his email. and i think, that more than 99% of the customer of strato, 1und1 and schlund don't know that they HAVE users because they all are virtual and so "hidden"
ok - now i understand! the "problem" is the different point of handling "users". In MY OPINION a user at a Internet-server is not a REAL User, it is a technical construct to enable database, ftp and so on. this means, in my opinion the pwd is auto-generated and not the preference of a special person. In YOUR OPINION a user is a real person, using its own pwd (the same using at ebay online-banking and at office) and so his pwd is used in "real life" and so a security hole if anybody know this. In my opinion this is not a problem, because the pwd is NOT a real-life pwd and so not used at ebay and others. and this gap of your user and my user is what i have overseen.
We tend to disagree then. I think they are have the wrong policy. As we're all entitled to our personal opinions I suggest we stop our discussions on the forum. I second that
