I’m not sure if this is the right place to post this. If not, I apologize.
I’m a little concerned because I noticed the other day in my account that I was able to see, in plain-text, my database password on my account. I would assume this means dreamhost doesn’t store the hashes, but plain-text passwords. This has never been a good security policy and there is no need to not store the hashes.
Especially in light of the various security companies being hacked lately, it should be a wake-up call to harden security where it doesn’t affect functionality, like with hashing passwords.
If I’m completely off base with this, please explain. From what I understand, in order to display a plain-text password in the webpanel, you have to have a plain-text password stored. Hashing algorithms are one-way.