Please encrypt passwords on 3CX server

Discussion in 'Ideas' started by Christoph Maggi, Dec 1, 2017.

Please encrypt passwords on 3CX server 5 5 10votes
5/5, 10 votes

  1. Christoph Maggi

    Joined:
    Dec 1, 2017
    Messages:
    5
    Likes Received:
    1
    Please encrypt all passwords stored on the server.
    If the 3CX database falls into wrong hands, all passwords are displayed in clear text! :eek: This is really a security issue and therefore please encrypt all passwords. Thank you very much.:)
     
    strint_echo likes this.
  2. Silly English Kniggit

    Joined:
    Sep 13, 2017
    Messages:
    215
    Likes Received:
    77
    You could say the same about the login to the admin console. Surely it would be easier and quicker for you to secure your system if this is a significant concern for you? If untrusted people have access to your servers, surely that's a much bigger issue.
    There are (unsupported) 3rd party reasons why having the passwords in plain is actually useful.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Christoph Maggi

    Joined:
    Dec 1, 2017
    Messages:
    5
    Likes Received:
    1
    That just makes me sad to read such a thing.:(
    Hopefully, 3CX sees this differently and will make the system more secure in the future.:)
     
  4. Vader the 2nd

    Joined:
    Dec 5, 2017
    Messages:
    2
    Likes Received:
    0
    Let's hope 3cx acts more responsible than Yahoo, Ashley Madison, Dropbox.... and improve create the system security
     
  5. SupportRequestor

    Joined:
    Mar 23, 2016
    Messages:
    29
    Likes Received:
    8
    It's never a good idea to store passwords in the clear and if an untrusted individual ever did gain access it's better not to have the information in the clear.
     
    Vader the 2nd likes this.
  6. Silly English Kniggit

    Joined:
    Sep 13, 2017
    Messages:
    215
    Likes Received:
    77
    That's true. However as I said there are other reasons why maintaining it unencrypted is useful. In a tightly integrated system using encryption across the board would be easy to do - with a system like 3CX where it's deployed using 3rd party hardware (and often software too) there are interoperability and supportability issues to consider as well as security.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...