View Set Passwords & Systray Admin Password

Additional features you would like to see added, changed, or removed. This forum isn't just for the Cerberus FTP Server application. Feel free to post suggestions for anything related to Cerberus (the website, this forum, etc.)
Tornado

View Set Passwords & Systray Admin Password

Post by Tornado » Thu May 27, 2004 8:48 am

1) The ability to view the passwords actively set onto the accounts.

2) An option to type a password when restoring the program from the systray. Prevents the accounts in option 1 above from being compromised.

Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Post by Serin » Tue Jun 01, 2004 1:20 am

I think #1 seems reasonable. It is hard to argue that auditing is a bad thing. However, I don't believe #2 should be a feature. Server machines should always be locked down, preferably by not allowing anyone but an admin user to log on. In addition, any business serious about security would usually physically lock a server away where only authorized personnel would have access.

At the very least, an admin should never leave a logged-in server machine unlocked when not physically present. Using basic Windows security seems more appropriate for this task.

Thanks for the suggestions,

Tornado
Senior User
Posts: 234
Joined: Tue Jun 08, 2004 9:39 am
Location: Australia

Post by Tornado » Tue Jun 08, 2004 9:44 am

Serin, I completely agree with you when the subject turns towards servers and administrative management, but have you considered the options relating to stand-alone PCs such as home computers?

Many homes may have multiple people using the computer system, often under the same user account. My personal thoughts indicated that this would hence become a viable option for those people.

Just an idea.
Last edited by Tornado on Tue Jun 07, 2005 9:17 pm, edited 1 time in total.

Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Post by Serin » Tue Jun 08, 2004 12:30 pm

Actually, I must have misunderstood your first option. I definitely don't believe the administrator should be able to view the passwords set on an account.

The reason for not allowing administrators to view passwords is two-fold. First, an administrator has no business knowing what a user's password is. Many users use the same or similar password for many different applications. Allowing anyone, even an administrator, to know a user's password presents a significant security risk. Besides, passwords can always be reset by the administrator.

I plan to add the ability for Cerberus users to change their passwords using a special command. This feature should be documented and available in the release version of 2.2. If the administrator decides to use NT integrated authentication, this problem isn't even an issue.

The second reason is that the passwords are not actually stored by Cerberus. Instead, an irreversible hash (SHA-1) value is stored by the application. This is the most secure way an application can store password information.

Tornado
Senior User
Posts: 234
Joined: Tue Jun 08, 2004 9:39 am
Location: Australia

Post by Tornado » Tue Jun 08, 2004 6:52 pm

I think they are both fair statements.

My initial thought on showing the password was based on the users forgetting the password you previously set for them, and simply retrieving the password for them. It saves time having to process new passwords, especially when the administrator has to create a strong password (e.g. using 3rd party software to randomise a password).

Since the administrator would set the password initially, the issue of knowing the password wouldn't be a problem, but you also indicate that users would be able to change their password in 2.2, so my suggestion would now become a problem; we'll leave it as is.

As stated, I agree with you on your reasons. Thanks

Silverion (not signed in)

Security of Admin seeing passwords

Post by Silverion (not signed in) » Thu Aug 26, 2004 4:56 pm

Actually, the administrator has full control over all people, and has a responsibility to control the users. I run free webhosting via FTP for my users, and if they need passwords changed or something, they email me with a request for a change. I personally don't have a problem with setting and maintaining the accounts for them, and I feel, as the administrator of my domain, I have a right to be able to keep a user in control, while allowing the user to have the convenience and good feeling that someone is keeping their data safe. Don't tell me the administrator has no right to a password; if that is true, then the administrator has no right to run that server.

I know one thing though. I am about to download the latest update of Cerberus. I know that when I do, it had better copy the users and passwords into the new install for me, because it's gonna be hell to ask all of my users for new usernames and passwords.

mdj
Moderator
Posts: 656
Joined: Mon Aug 18, 2003 4:00 am
Location: Denmark
Contact:

Post by mdj » Fri Aug 27, 2004 3:38 am

When you install a new version of Cerberus, it will always keep the old settings, users and passwords - unless you specifically ask to have them removed when uninstalling the old version. And you can always make a simple backup of the registry keys used, so you can easily restore them, or even move the entire population to a different server.

I agree with Serin, that an administrator should NOT have access to read the passwords! You say "Don't tell me the administrator has no right to a password", but he has: He can reset it as he wishes, he just can't read it. One of the rare cases of "write-only access". So you can still "keep a user in control", even without reading his password.

Being able to see the "password" used for anonymous users is another story. Anonymous users should use an e-mail address as password (if they wish), so that the site administrator can get back to them if needed, so that "password" should be readable in the log, but I understand that feature is already on the to-do list.
Last edited by mdj on Mon Sep 03, 2007 3:05 am, edited 1 time in total.
Morten Due Jørgensen
http://www.mdjnet.dk

Silverion (not logged in)

Post by Silverion (not logged in) » Mon Aug 30, 2004 5:42 pm

What if the occasion happens that they want to retrieve their current password, and you are sure they are who they say they are?

Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Post by Serin » Tue Aug 31, 2004 12:16 am

Hello,

But why wouldn't simply resetting their password and allowing the user to choose another suffice? You can never have full accountability for a person's account if more than one person has that account's password.


BTW, users can now change their passwords with the new version of Cerberus, 2.2. Just released today!

Gratemyl

Reply

Post by Gratemyl » Tue Dec 07, 2004 1:41 pm

Users should be able to change their own password, I totally agree with that! It is good that you are thinking of integrating this, but how, because it is FTP after all ;) How about running a server (HTTP) on some special port?

Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Post by Serin » Mon Dec 27, 2004 9:38 pm

Using FTP, the command is

site pswd fromPassword toPassword
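
The two points made above (Serin's earlier post that Cerberus keeps only an irreversible hash, and the `site pswd fromPassword toPassword` command for user-initiated changes) fit together in a small model of a "write-only" credential store. The following Python is an added example written for this thread; it is not Cerberus code and does not reproduce its registry format or its actual reply codes. It uses salted PBKDF2-SHA256 rather than the plain SHA-1 the post mentions, and the `MIN_PASSWORD_LENGTH` policy, the in-memory user table and the FTP-style reply strings are assumptions made for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # assumption: a typical work factor; tune for your hardware
MIN_PASSWORD_LENGTH = 8       # assumption: a policy value, not something the thread states


class PasswordStore:
    """Write-only credential store: an administrator can set or reset a password,
    but nothing here can return the plaintext, because only a salted hash is kept."""

    def __init__(self):
        self._users = {}  # username -> (salt, digest); constructed in-memory table

    @staticmethod
    def _digest(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

    def set_password(self, username, password):
        """Admin reset (or initial provisioning): overwrite with a fresh salt and hash."""
        salt = os.urandom(16)
        self._users[username] = (salt, self._digest(salt, password))

    def verify(self, username, password):
        """Check a login attempt. Unknown users still pay the hashing cost, so the
        response time does not reveal whether the account exists."""
        record = self._users.get(username)
        if record is None:
            self._digest(bytes(16), password)
            return False
        salt, stored = record
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(stored, self._digest(salt, password))

    def has_user(self, username):
        return username in self._users


def handle_site_pswd(store, username, argument):
    """Server-side handler for 'SITE PSWD fromPassword toPassword'.
    The caller has already authenticated `username`; the reply codes are standard
    FTP-style codes chosen for this example, not Cerberus's actual replies."""
    parts = argument.split()
    if len(parts) != 2:
        return "501 Syntax: SITE PSWD fromPassword toPassword"
    old_password, new_password = parts
    # Require the current password so a session left open cannot be turned
    # into a silent password change by someone else at the keyboard.
    if not store.verify(username, old_password):
        return "530 Current password incorrect"
    if len(new_password) < MIN_PASSWORD_LENGTH:
        return "550 New password does not meet the length policy"
    if new_password == old_password:
        return "550 New password must differ from the current one"
    store.set_password(username, new_password)
    return "200 Password changed"


if __name__ == "__main__":
    store = PasswordStore()
    store.set_password("alice", "initial-secret-1")   # admin provisions the account
    print(handle_site_pswd(store, "alice", "initial-secret-1 my-new-passphrase"))
    print(store.verify("alice", "my-new-passphrase"))
```

Note that the store deliberately has no method that returns a password: an administrator can call `set_password` to reset an account, which is the "write-only access" mdj describes, but a forgotten password can only be replaced, never recovered.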

NitroxDM
New User
Posts: 4
Joined: Sat Sep 01, 2007 1:12 pm

Post by NitroxDM » Sun Sep 02, 2007 1:27 am

I needed to see the password of someone trying to log on to my server, so I spent a few hours and found the code for a simple FTP server in C#. After cannibalizing it, I now have a listener that will show and log the username and password of every user that attempts to log on. The downside is that you can't run the listener and the server at the same time. If you need/want the code, send me an email.

P.S.

Thanks for such a great server! Keep up the good work!

rower
New User
Posts: 4
Joined: Thu Feb 07, 2008 1:45 pm

Post by rower » Thu Feb 07, 2008 2:19 pm

I know you there have some reasonable thoughts about security.
Still, I know several situations why and when an option for "do not encrypt user password" could be useful and _needed_.

- User has forgotten his "universal password for everything". Okay, you can change his pass, he gets his FTP account back, but that does not help to refresh his memory.

- You want to keep an eye on your users' password security. No blanks, no well-known passwords, etc. Sniffing for user passwords in that case is like scratching your left ear with your right foot right through the asshole.

- You need to set up an automated script for doing something somewhere. ASAP. It interacts with a system of other scripts, having the same username, same access rights, same everything; the only thing that differs might be an FTP server. Just think of synched backups via FTP. Done worldwide. Unfortunately, you have forgotten that damn strong password you were using. Or not the password itself, but a caps pattern you used for its creation. Changing it on the server involves changing it in several other locations also. Sniffing might be ineffective because you cannot initiate

- You know that in some near future you will be porting your machine with everything to some other platform. And maybe splitting users over several machines. That should be done fast and transparent to users. Sniffing for passwords is really ineffective in that case.

So, I believe that checkboxes for "store passwords using reversible encryption", "reveal (decrypt) user password" and "damn, yes, I know it's a security risk" should be somewhere there.

rower
New User
Posts: 4
Joined: Thu Feb 07, 2008 1:45 pm

Post by rower » Thu Feb 07, 2008 2:32 pm

NitroxDM wrote: I needed to see the password of someone trying to log on to my server, so I spent a few hours and found the code for a simple FTP server in C#. After cannibalizing it, I now have a listener that will show and log the username and password of every user that attempts to log on. The downside is that you can't run the listener and the server at the same time. If you need/want the code, send me an email.

P.S.

Thanks for such a great server! Keep up the good work!
There is software called a "sniffer". Several sniffers have sophisticated filters, allowing you to catch only a specific type of traffic. I myself (under Win) am using a package called SpyNet (its sniffer is called CaptureNet). It allows you to filter out, display and _save_ packets, even by pattern. And all that from _live_ connections. That means your FTP server not only might be running, it HAS to be running.
