Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Security Issues

Discussion in '3CX Phone System - General' started by David Mactaggart, Jan 21, 2016.

Thread Status:
Not open for further replies.
  1. David Mactaggart

    Joined:
    Jun 19, 2015
    Messages:
    4
    Likes Received:
    0
    Hello,

    Can you let me know if there is any plans to increase the security of the system. Currently if you have access to a backup of 3CX you can gain the passwords used for everything. Are you planning on adding encryption to the backups or anything that would make this inaccessible without a password?

    Thanks,
    David
     
  2. Futureweb

    Futureweb New Member

    Joined:
    Jun 29, 2015
    Messages:
    163
    Likes Received:
    15
    Hi,

    I would suggest to use correct Folder Permissions - so noone can access Backup Folders except Users which are allowed to.
    Apart from the fact that only Persons which are allowed have access to the PBX should be able to log into that System.

    Andreas Schnederle-Wagner
     
  3. David Mactaggart

    Joined:
    Jun 19, 2015
    Messages:
    4
    Likes Received:
    0
    That is fine but you still shouldn't be able to access all passwords from an XML file in an unencrypted ZIP file
     
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    11,073
    Likes Received:
    323
    In the past, some users, having forgotten their password, (I know, I know), have had to resort to recovering it from the backup, so in those cases, it's a good thing that it wasn't encrypted.

    Personally, I think that asking 3CX to encrypt the backup file , is simply removing the responsibility from the users, to ensure security of their own system/files. You could submit a Feature Suggestion, of an option, to allow password protection of the zip file... http://www.3cx.com/forums/3cx-ideas-f57.html
     
  5. David Mactaggart

    Joined:
    Jun 19, 2015
    Messages:
    4
    Likes Received:
    0
    It's not about removing responsibility from the user but no decent program will store passwords in plain text anywhere, I will raise it on the ideas page though
     
Thread Status:
Not open for further replies.