Database passwords


#1

Hi everyone,

I’m not sure if this is the right place to post this. If not, I apologize.

I’m a little concerned because I noticed the other day in my account that I was able to see, in plain-text, my database password on my account. I would assume this means dreamhost doesn’t store the hashes, but plain-text passwords. This has never been a good security policy and there is no need to not store the hashes.

Especially in light of the various security companies being hacked lately, it should be a wake-up call to harden security where it doesn’t affect functionality, like with hashing passwords.

If I’m completely off base with this, please explain. From what I understand, in order to display a plain-text password in the webpanel, you have to have a plain-text password stored. Hashing algorithms are one-way.


#2

Sure, using hashed passwords is generally considered better, but think of the mysql-passwords that are in your PHP files on your websites: they are also in plain-text.

So you’d like a house where the front door is bolted and locked with alarms and stuff - but the back door is wide open?

Ok, just joking, but security issues are a balance between security and convenience. I can’t say if DH has found the right point, but they are not completely off their rocker.


#3

I suppose you’re right. I had forgotten that the passwords were also stored in the .php files. No, I don’t think DH is “completely off their rocker.” However, I also don’t see how storing the hashes would affect convenience for users.

It definitely would matter if the passwords are stored by DH in a user table (along with other account info) since that means many passwords stored in more or less the same place rather than being spread among countless random php files.

As you can see, I’m not amazingly experienced with writing web applications. I’m a sys-admin for a small non-profit. We take network security seriously where I work and from my point-of-view, this looks like a vulnerability.


#4

It would make some important, useful features, such as One-Click Installs, considerably less usable. That’s reason enough to keep them around — especially as we have some much more hazardous passwords, like the superuser passwords for each of the MySQL servers, stored centrally as well.

[size=x-small](Before you ask: Yes, we need those passwords stored in a readable format as well. They’re used by our management tools to create databases on demand, as well as for automated backups.)[/size]

MySQL passwords are not strongly protected secrets. Don’t set them to be the same as anything important.


#5

Thank you for explaining it. To clarify, I’m not trying to be difficult. I’m just trying to understand, that’s all. I see how you would need them stored that way and I imagine other hosts do the same kind of thing, though I’ve never noticed it.