Is it ok for smtp_password to be stored as plain text password in qa_options table?

Question

The smtp_password is stored as a plain text password in qa_options table. Is this normal or a security risk?

Answer 1

That's a fair question. I think it's a different situation to users' passwords, because those should be hidden from everyone including admins. Plus users may use the same password on different sites. If the db is breached then you've given away full details of all your users, as opposed to just one email login that you can change.

In some ways, storing the email password in the db is not much different from storing it in a config file (like the db details are currently). But with the config file there is the opportunity to add extra security (like using environment variables which I believe are considered best practice these days).

So I think it would make sense to allow the email settings to be defined in the config. I'll look into doing that.

Answer 2

I think it is normal. When using SMTP server, some authentication protocol is required. Usually, encrypted data is irreversible. We can not decript it. Therefore, password is stored in the database without being encrypted. Q2A seems to use LOGIN authentication type. In this type, password encoded with Base64 is sent to the transmission line. This is not dangerous, but it is also not safe. We should consider to use CRAM-MD5 that does not send passwords to the transmission line.