Search The ForumSearch   RegisterRegister  LoginLogin

AfterLogic Aurora
 AfterLogic Forum : AfterLogic Aurora
Subject Topic: Cleartext passwords Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
solkmaaker
Senior Member
Senior Member


Joined: 28 June 2020
Online Status: Offline
Posts: 192
Posted: 29 June 2020 at 9:31am | IP Logged Quote solkmaaker
How come admin can see all users passwords in clear text?
This raises some security concerns.
What is the purpose of this?
Back to Top View solkmaaker's Profile Search for other posts by solkmaaker
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6168
Posted: 29 June 2020 at 11:54pm | IP Logged Quote Igor
The passwords are not stored in clear text, they're stored in an encoded manner, but that has to be a two-way encoding rather than hashing as passwords are submitted over to mail servers.

Also, I believe the only way for admin to view passwords in clear text is by using EAV viewer to browse the database directly - and in that case, having passwords displayed in clear text makes sense to us.

--
Regards,
Igor, Afterlogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
solkmaaker
Senior Member
Senior Member


Joined: 28 June 2020
Online Status: Offline
Posts: 192
Posted: 30 June 2020 at 1:59am | IP Logged Quote solkmaaker
Yes, i was talking about EAV viewer.

I was just wondering what purpose storing password has, since user has to enter credentials when he logs in every time anyway.
And also, if superadmin account gets compromised, result would be that every user account is compromised too.
Back to Top View solkmaaker's Profile Search for other posts by solkmaaker
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6168
Posted: 30 June 2020 at 2:15am | IP Logged Quote Igor
The primary purpose is to make sure users can add multiple accounts to their primary account ("Add New Account" button of "Email Accounts" screen of Settings area) and then switch between those with a dropdown tool.

If you wish, you can disable EAV viewer by setting "Disabled" to "true" in data/settings/modules/EavObjectViewer.config.json file.

--
Regards,
Igor, Afterlogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
solkmaaker
Senior Member
Senior Member


Joined: 28 June 2020
Online Status: Offline
Posts: 192
Posted: 30 June 2020 at 2:30am | IP Logged Quote solkmaaker
OK, with multiple accounts, it makes perfect sense.

Thank you for answers.
Back to Top View solkmaaker's Profile Search for other posts by solkmaaker
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump

Powered by Web Wiz Forums version 7.9
Copyright ©2001-2004 Web Wiz Guide