Completed

Secure credential storage

James Lott, 11 years ago; updated by Eugene Pankov (Project coordinator) 11 years ago
I noticed that all of the data stored by Ajenti which is not stored by the system itself (such as /etc/passwd users) is kept in a single, plain text .json file in /etc/ajenti. This is probably fine for things like enable/disable ssl, but for plugins which store credentials, this is less than ideal. For example, anyone who wants to administer their MySQL database from Ajenti needs to have the MySQL plugin store the MySQL root user and password. I really do consider it one of Ajenti's major bonus aspects that it has no need for a database, but storing passwords (especially one as important as your MySQL root user) in plain text seems like an obvious no-no. I understand that this makes it convenient for the user, because they don't need to re-enter the password, but that is an extremely high security cost for that convenience. With as brilliant of a product as Ajenti is, I'm sure the minds developing it can put their heads together to find a solution which strikes a serviceable balance between security and convenience.

Answer


Fixed by enforcing -rwx------ on config.json.
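
An added example, not part of the original thread and not Ajenti's own code: a Python check that a credentials file is owner-only, matching the `-rwx------` mode named in the reply, plus a writer that creates the file private from the start rather than tightening it afterwards. The function names and the sample file are constructed for illustration.

```python
import os
import stat
import tempfile

OWNER_ONLY = 0o700  # -rwx------, the mode named in the reply above


def audit(path):
    """Return findings for a credentials file; an empty list means owner-only."""
    st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if stat.S_IMODE(st.st_mode) & ~OWNER_ONLY:
        findings.append("group/other bits set: %s" % stat.filemode(st.st_mode))
    if st.st_uid != os.geteuid():
        findings.append("owned by uid %d, not the checking uid" % st.st_uid)
    return findings


def enforce(path):
    """chmod through a descriptor so the path cannot be swapped mid-operation."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise ValueError("refusing to chmod a non-regular file")
        os.fchmod(fd, OWNER_ONLY)
    finally:
        os.close(fd)


def write_private(path, data):
    """Create the file owner-only at creation time (no write-then-chmod window)."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    with os.fdopen(os.open(path, flags, 0o600), "w") as fh:
        fh.write(data)


if __name__ == "__main__":
    # Constructed sample: a world-readable config.json in a scratch directory.
    path = os.path.join(tempfile.mkdtemp(), "config.json")
    with open(path, "w") as fh:
        fh.write('{"mysql": {"user": "root", "password": "constructed"}}')
    os.chmod(path, 0o644)
    print("before:", audit(path))
    enforce(path)
    print("after: ", audit(path))
```

File mode only restricts other local accounts: the password stays readable by the owning account, by root, and by anything that copies the file, such as backups.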
