[PLUG] PLESK - was Joe Jobbed
Carlos Konstanski
ckonstanski at pippiandcarlos.com
Sat Oct 6 22:58:19 UTC 2007
At Sat, 06 Oct 2007 15:25:50 -0700,
Ronald Chmara wrote:
> As a different, *much* more simple, example of what I think is
> fundamentally wrong with Plesk, an admin-level db password is stored
> on the hard-drive.
>
> ....In plaintext.
>
> This kind of architectural/security "no-no" is so jaw dropping, eye-
> popping, just plain *bad* enough that it can make experienced admins
> weep.
>
> (Of course, it's also helped me un-bonk some plesk problems for
> clients, so FYI, the plesk mysql master user is "admin", the pass is
> 'hidden' in /etc/psa/.psa.shadow )
>
> -Ronabop
Oracle has been doing this for years in their enterprise software
offerings. In fact, I have to supply a username and password on the
command line to fire up an Oracle ERP 11.5.10 application server.
(But it's handy because I can do a "history|grep adstrtal" if I forget
the password.) All this on an enterprise accounting system, where
security should count for something. Which planet is Oracle
University located on, anyway? Maybe it's a perfect world, where no
one does dishonest things online and you can throw 16 CPUs and 16G RAM
at every problem.
More information about the PLUG
mailing list