This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

FTP passwords in plain text
#1
FTP passwords in plain text
(02-21-2016, 04:36 AM)bbspike Wrote: I replyed some in the designtatd threads.

I forgot one thing to mention. Sentora really should stop saving the FTP passwords in plain text.

Ok let's try but I think we need an extra module in the stack..

http://www.proftpd.org/docs/directives/l...Types.html

We need to change it. It can be done but we should test upgrade process before.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#2
RE: FTP passwords in plain text
(02-21-2016, 05:06 AM)Me.B Wrote:
(02-21-2016, 04:36 AM)bbspike Wrote: I replyed some in the designtatd threads.

I forgot one thing to mention. Sentora really should stop saving the FTP passwords in plain text.

Ok let's try but I think we need an extra module in the stack..

http://www.proftpd.org/docs/directives/l...Types.html

We need to change it. It can be done but we should test upgrade process before.

M B
Yes the only thing needs to be done is change the SQLAuthType to OpenSSL or Backend and change the code in the sentora module with someting like:

PHP Code:
$password "{md5}".base64_encode(pack("H*"md5($password))); 
[Image: logo2.png]

My being on this forum is all personal and all is done here by me has nothing to with the company Web Improved I work for Smile
Reply
Thanks given by:
#3
RE: FTP passwords in plain text
Yep but issue is upgrading existing users....
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#4
RE: FTP passwords in plain text
Yeah true.

I already have change a Sentora server of us. Now its stores ftp passwords as SHA512.

Updating existing users was easy:

Code:
UPDATE ftpuser SET passwd=SHA2(passwd, 512)

Above code can easily be used in the update script.

The passwd column must be set to 180 tokens for this.
[Image: logo2.png]

My being on this forum is all personal and all is done here by me has nothing to with the company Web Improved I work for Smile
Reply
Thanks given by: Me.B , TGates
#5
RE: FTP passwords in plain text
Ok got them

https://github.com/sentora/sentora-insta...ones/1.0.5

Currently tagged them for next release until I sort out some fixes getting implemented for 1.0.4.

1.0.5 is due with 2 month's not that far. And may be in 1.0.4.

Thant really help.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:


Forum Jump:


Users browsing this thread: 1 Guest(s)