Wise Cloud

Wise Cloud

Closed

While creating a new server or a new site with system user, Ploi sends out by email the passwords in clear text, and that's quite a bad security issue especially that you are sending out the sudo user and server address.

More than this, these passwords cannot be changed from the dashboard so whoever gets access to the email, they will have full access to the server.

In order to mitigate this issue I suggest to have a way through the ploi dashboard to show/edit the password after entering again the account password.

Please please please don't send passwords in clear by email.

Frankly speaking, I'm new to ploi and because of this way of dealing with server passwords I'm now thinking of finding a different solution for server management.

Dominic

Dominic

·
·

I think Profile --> Settings --> Receive server passwords in your e-mail about new server installations is what you're looking for.

no votes yet
Dennis

Dennis

·
·

Correct, like @Dominic says, you're free to change that setting.

no votes yet
CotCotDev

CotCotDev

·
·

Hello,

What is the purpose of this password as:

  1. We can't login with password
  2. We can't login with root user

?

Thank you.

no votes yet
Log in to comment

[critical] Don't send passwords by email in clear text

1 total vote
Wise Cloud

  • Dennis moved item to board Closed

    1 year ago

  • Wise Cloud moved item to project Bugs

    1 year ago

  • Wise Cloud created the item

    1 year ago