password placeholder in admin/reseller backups

Version 1.531


New internal directadmin.conf option: password_placeholder=XXXXXXXXXX where you can change the value to something else. The value will be put into the <input type=password name=ftp_password value="XXXXXX"> instead of the plaintext ftp_password or plaintext encryption_password. Anytime the form is saved, either creation of a new cron, ftp listing update.. or modification of a cron, the existing back-end password will be loaded into DA internally, decrypted, and will replace the XXXX string with the actual value. This should improve security, as the password are no longer saved in the html as plaintext. The reason for making a password_placeholder variable, is in case someone actually wants to use a password value of XXXXXXXXX.. They could then set password_placeholder=YYYYYYYYY for example. Of course, using XXXXXXXXX for a password is a terrible idea anyway, so don't do it ;) No skin changes should be needed, as DA figures things out internally. The calls to the task.queue will still use the base64 password, as it's translated internally in DA before it gets to the task.queue. If this is buggy or you like having the plaintext in the form, the add the empty value to the directadmin.conf: password_placeholder= and DA will set it internally as (null), and things should work as before.

Interested to try DirectAdmin? Get a 30-day Free Trial!