Hi Jian,
you are right, thought with FMail passwords it’s not as easy as with
account passwords: Account passwords we only need to verify, while FMail
passwords need to be send to mail server.
Most secure setup currently is to have a single authentication source
for mailserver and egroupware. Then egroupware can use the
session-password to authenticate with the mailserver. This can either be
archived by authenticating egroupware against mailserver or eg. using
LDAP for both.
An other (not yet implemented) option would be a kind of password safe
in egroupware, which uses the session-password to encrypt the passwords.
Problem of that approach is, if you authenticate against an other system
and password changes happen outside the control of egroupware. In that
case the stored passwords would be lost.
For account passwords we use now crypt $6$ / sha256 hashes with 5000
rounds, if supported by your system (available in php 5.3+).
Ralf
I can’t agree with you.
Reason 1: As an administrator, you are not suppose to know someone
else’s password.
Reason 2: If I host the database on the hosting service, someone else
may have full access to it.
Other passwords, for example in egw_accounts table, are encrypted in the
database.
Jian Gao
Since no one should have access to the database in the first place and
that all communication between database server and php should happen
in a secure environment, I would not necessarily see a reason for it?
*From:*Jian Gao [mailto:jian.gao@sjgeophysics.com]
Sent: Wednesday, 7 March 2012 12:29 p.m.
To: egroupware-users@lists.sourceforge.net
Subject: [eGroupWare-users] felamimail save password as plain text?
Hi, All,
I just noticed that on the egw_felamimail_accoutnts table, all the
passwords saved as plain text!
Is there any way we can save encrypt password?
Thanks.
–
Jian Gao
IT Administrator
S J Geophysics
http://www.sjgeophysics.com
Tel: 604-582-1100
Virtualization& Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
Virtualization& Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
–
Ralf Becker
Director Software Development
Stylite AG
Morschheimer Strasse 15 | Tel. +49 6352 70629 0
D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30
Email: rb@stylite.de
www.stylite.de | www.egroupware.org
Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer
Commerzbank BLZ 55040022 | Account 218111300
IBAN DE33 5504 0022 0218 1113 00 | BIC COBADEFFXXX
VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
