Skip to main content

Feature Request - Ability to remove the password column from user exports

Justin Lee

When exporting the user list from Cerberus the passwords are exported too.  This is a security concern as anyone with access to the console can export the entire list and leave the file on our servers or anywhere else on the network.  If we had the option to simply export the users without the passwords then that would help better secure our environment.  Can we get an option to export without passwords?

1

Comments

1 comment

Date Votes
  • Jeff Scott
    Product Support

    Hi Justin,

    Thanks for submitting your feature request.  First, I would like to understand a bit more about your request.  We have a guide on how to submit requests, and I would ask that you please review it and answer the questions in the guide when submitting the request.  https://support.cerberusftp.com/hc/en-us/community/posts/1500000413782-Feature-Request-Guidelines 

    The passwords are hashed when stored in the CSV.  However if you are not comfortable with the values in the CSV, you could simply delete the row in the CSV.  The purpose of the export feature is to move users from one server to another during a migration.  If you don't have that field in the CSV, then you are going to have to recreate every user's password and communicate that to them.  The use case for not including the passwords in the CSV export is quite low, and the work around would be to delete the row.  If you can provide more details by answering those questions, then we can proceed with filing the enhancement request. 

     

    From our support article on importing and exporting users

     

    By default, Cerberus assumes the password field in the CSV file contains a plain text password. However, if the password begins with a hash type enclosed in pairs of curly brackets then Cerberus assumes the text that follows is a base16-encoded salt and hash of a password. This capability allows you to import user account data when all you have is the hash of the user’s password.

    For example, the following password text will be interpreted as a password hash:

    {{SHA1}}254A08D8B2E49413F242C0ED6888DD99F3E53A500C01D6B0D5B9EB414394

    See our section on password storage formats for supported hash algorithms and general formatting information for the base16 hash.

     

     

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post