yggdrasil Posted July 20, 2020 Share Posted July 20, 2020 Password should not be readable in the mail history users account. There should be a special variable field for email templates for secrets of sensitive data. Passwords should be inside those brackets. When composing email templates, the data should be sent top the user but afterwards removed if it's contained with the sensitive/secret variables tags. WHMCS should detect this and erase or replace them, so they are not displayed in the emails history on the users account or registered in the SQL database in plain text anymore. Ideally they should be replaced with ******* This would avoid an attack that compromises an account in the future just looking at the mail history to get server and account logins. I know, I know, users are supposed to change them after first login but some don't and it looks just very bad in terms of security to be able to permanently see the login details by looking at the mail history. This also defeats the sub user account permissions if they can just look at the mails history and get the logins for accounts which they don't have access. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Dan Posted July 22, 2020 Share Posted July 22, 2020 This would be a great Feature Request, you can raise this here so we can gather community votes and feedback: https://requests.whmcs.com 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.