• Resolved paulzuurbier

    (@paulzuurbier)


    I have a question about how the passwords are stored. When I used a previous version of WP Mail SMTP (years ago) my password was hacked within days. It used a plain field to enter the password, just like your plugin. They tackled the problem and the password is now set by changing the wp-config.php file. No hacking problems since then. How do you secure the passwords? It is important because the calendar credentials are the same as my server credentials.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author hoernerfranz

    (@hoernerfranz)

    Hi Paul,

    you are right in that the password for the CalDAV server is stored inside the WP database as plain text, although the latest version uses a password-type input field, which at least prevents it from being seen by someone looking over your shoulder.

    The problem is: it cannot be stored as, e.g., an MD5 hash, because it is not used inside WP (which would allow that) but must be sent to the CalDAV server (usually via HTTPS, which is secure) as plain text.

    So, I guess, there is no way to improve this.

    Plugin Author hoernerfranz

    (@hoernerfranz)

    So, well, I once again had a look at the WP SMTP plugin, and yes, that has the option to store credentials as constants in the wp-config.php file.

    The problems with wp-caldav2ics with regard to doing the same are:

    So, I’m closing this now as WONTFIX.

    Thread Starter paulzuurbier

    (@paulzuurbier)

    Thank you for looking into this. Maybe I will create a separate account with only calendar permission and then share the calendars of interest with this restricted account read-only.

    Plugin Author hoernerfranz

    (@hoernerfranz)

    Yes, I think that is a viable option – read-only access is all that the plugin needs.

  • The topic ‘Password safety’ is closed to new replies.
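
Added example (not part of the thread and not code from the plugin): one way to confirm that the restricted account proposed above really is read-only is to audit the `DAV:current-user-privilege-set` property (RFC 3744) returned to a PROPFIND made with that account's credentials. The response bodies, account names and paths below are constructed, and that a given CalDAV server exposes this property is an assumption.

```python
import xml.etree.ElementTree as ET

DAV = "{DAV:}"
# WebDAV ACL privileges (RFC 3744) that permit changing or deleting data.
WRITE_PRIVS = {"all", "write", "write-content", "write-properties",
               "write-acl", "bind", "unbind"}


def sample_response(href, privileges):
    """Build a CONSTRUCTED 207 Multi-Status body for one calendar collection."""
    if privileges is None:  # models a server that omits the property entirely
        prop = ""
    else:
        items = "".join(f"<d:privilege><d:{p}/></d:privilege>" for p in privileges)
        prop = f"<d:current-user-privilege-set>{items}</d:current-user-privilege-set>"
    return (f'<d:multistatus xmlns:d="DAV:"><d:response><d:href>{href}</d:href>'
            f"<d:propstat><d:prop>{prop}</d:prop>"
            "<d:status>HTTP/1.1 200 OK</d:status></d:propstat>"
            "</d:response></d:multistatus>")


def audit_privileges(multistatus_xml):
    """Map each collection href to the write-capable privileges it grants.

    An empty list means read-only; None means the server reported nothing,
    which must not be treated as read-only.
    """
    # The sample input is constructed; parse real server responses with a
    # hardened parser such as defusedxml.
    root = ET.fromstring(multistatus_xml)
    findings = {}
    for resp in root.iter(DAV + "response"):
        href = resp.findtext(DAV + "href", default="?")
        pset = resp.find(f".//{DAV}current-user-privilege-set")
        if pset is None:
            findings[href] = None
            continue
        granted = {child.tag[len(DAV):]
                   for priv in pset.iter(DAV + "privilege")
                   for child in priv if child.tag.startswith(DAV)}
        findings[href] = sorted(granted & WRITE_PRIVS)
    return findings


if __name__ == "__main__":
    # Hypothetical account names and paths.
    for body in (sample_response("/calendars/wp-reader/team/", ["read"]),
                 sample_response("/calendars/owner/personal/", ["read", "write"])):
        print(audit_privileges(body))
```

Any non-empty list for a calendar shared with the restricted account means the password stored in the WordPress database can still modify that calendar.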