[PLUG] PLESK - was Joe Jobbed

Carlos Konstanski ckonstanski at pippiandcarlos.com
Sat Oct 6 22:58:19 UTC 2007


At Sat, 06 Oct 2007 15:25:50 -0700,
Ronald Chmara wrote:
> As a different, *much* more simple, example of what I think is  
> fundamentally wrong with Plesk, an admin-level db password is stored  
> on the hard-drive.
> 
> ....In plaintext.
> 
> This kind of architectural/security "no-no" is so jaw dropping,
> eye-popping, just plain *bad* enough that it can make experienced admins
> weep.
> 
> (Of course, it's also helped me un-bonk some Plesk problems for
> clients, so FYI, the Plesk mysql master user is "admin", the pass is
> 'hidden' in /etc/psa/.psa.shadow )
> 
> -Ronabop

Oracle has been doing this for years in their enterprise software
offerings.  In fact, I have to supply a username and password on the
command line to fire up an Oracle ERP 11.5.10 application server.
(But it's handy because I can do a "history|grep adstrtal" if I forget
the password.)  All this on an enterprise accounting system, where
security should count for something.  Which planet is Oracle
University located on, anyway?  Maybe it's a perfect world, where no
one does dishonest things online and you can throw 16 CPUs and 16G RAM
at every problem.


