Am 12.09.2013 14:21, schrieb Dan McAllister:
Eric,
Why wouldn't it be possible to keep the plaintext password field in the
vpopmail database, but protect it?
I would think you could compile vpopmail to keep the cleartext passwords, but then create
an additional user in the DB (an "admin" user) and restrict rights to view that
field to the admin user. (NOTE: You still have to have write permission to that field
from the vpopmail user so that updates/changes can be recorded).
Just an idea...
Dan McAllister
Dan,
the problem is easily described: when someone gets access to the database
(content, dumps, backups) this person will have full access to the plain
passwords; as many users re-use the passwords that's a very critical issue.
Best regards,
Johannes
--
Johannes Weberhofer
Weberhofer GmbH, Austria, Vienna
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com