Details
- Type: Improvement
- Status: Done/Fixed
- Priority: Minor
- Resolution: Duplicate
- Affects Version/s: 3.0
- Fix Version/s: 3.1
- Component/s: Core CiviCRM
- Labels: None
Description
The CiviCRM SMTP server password is stored in clear text in the database. Probably should be encrypted.
When I started learning CiviCRM a couple of months ago, I experimented with different mail settings. I went back and forth between the SMTP and Sendmail options. (I'm using Sendmail now in my dev setup.)
I had to grep my MySQL db dump today, to remind myself which settings I used a while back. When I did that, I saw that the dump file had my SMTP password in there.
Unfortunately this password is used for a real, production SMTP server I control. Even worse, it's a password I use for other important purposes! Anyone who can read the dump file now has my password, which obviously I need to go change in the real world.