Current time: 12-22-2024, 09:06 PM Hello There, Guest! (LoginRegister)


Post Reply 
email password in clear text
Author Message
ghislain Offline


Posts: 3
Joined: Apr 2008
Reputation: 0
Post: #1
Question email password in clear text
hi,

From what i see in rc4 the email passwords are stored in clear. Is it not dangerous to store the email password in clear text in the database ?

I know that to provide 'i forgot my pass' feature you need this but is this tradeoff not a security risk ? Is there any technical reason for this ?

regards,
Ghislain.
04-16-2008 12:27 AM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #2
RE: email password in clear text
Yes - it's a not very good thing.
The point is: the passwords are not read directly from the database, they are stored in other flatfile databases (eg userdb for courier) and it may be that this behaviour will change in the next version (either another mda or maybe direct connection to the database). I think that's why there are still clear text passwords in it.

The big but: if someone has access to have a look at theese passwords, then you also have other problems... maybe it would be good to use an encryption for the clear text passwords (same with the sql user passwords).

/J
04-16-2008 12:36 AM
Visit this user's website Find all posts by this user Quote this message in a reply
ghislain Offline


Posts: 3
Joined: Apr 2008
Reputation: 0
Post: #3
RE: email password in clear text
of course the best is to use salted sha1 (md5 or sha1 without salt is vulnerable to rainbow table attacks). Postfix and courier seems to be able to handle this via the query in the DB you make in the cf.

Of course having the setup in flat file is a big win as when mysql dies the mails continues to work Smile

i do not know how it can be handled, of course files means better reliability to problems in mysql but means harder work for the control panel (sync between the files and the db ).

you have:

1/ postfix
2/ courier
3/ spamassassin/amavis (?)
4/ others (?)

all those should be able to work together with one user base. With all the vulnerability that appears, having password hashed in mysql makes it less likely that a cross scripting issue somewhere can lead to the passwords disclosure.

Perhaps the authentification could be done with pam localuser using a separate shadow file (and not the system one via the file parameter) with the rest of the data like quotas or spam settings in the db. Another big win with pam is that it can be altered to use pam_ldap or other without needing to touch the mail daemon configuration themselves.

arg, it seems rather complicated to do it right Smile

regards,
ghislain.
04-16-2008 02:41 AM
Find all posts by this user Quote this message in a reply
ispcomm Offline
Junior Member
*

Posts: 93
Joined: Apr 2008
Reputation: 3
Post: #4
RE: email password in clear text
I would cast my vote in favor of clear text passwords.

There's a very good reason to have clear text passwords on the server: This is because most challenge/response ways for autentication (cram-md5 etc) need to have the clear-text password to compute the hashes which are exchanged on the network (in clear).

Having an encrypted password to start with will limit the authentication mechanisms to plain old "plain-text" which means that the password is sent in clear on an (almost surely) unprotected channel (pop3/imap/smtp).

It's much better to have the password hashes on the network and clear passwords on the server than viceversa.

Also... if someone can peek in your databases and flat files on the server you're already in trouble beyound the simple clear passwords.

ispcomm.
05-02-2008 12:40 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 2 Guest(s)