First of all, I’m really impressed by this software; it looks simple but it is very advanced. I do have some questions about security, though:
How are the passwords stored in the server version? I don’t see any MySQL or SQLite or something of that kind for a database, so if someone has access to your server, is it possible to extract the passwords from somewhere?
I see the server installer guide is only for Ubuntu; what about CentOS/Red Hat? I made a simple copy-paste tutorial for myself, so if someone wants it, give me a yell.
If someone has physical access to your server, that is, they can access .manager files in the data folder, they don’t need to know the password. They could just copy .manager files from the server and gain access to the data.
Users are stored in a file 00000000-0000-0000-0000-000000000000.manager but not passwords. Manager never writes passwords to the disk. That would be insecure. Passwords are always hashed using the BCrypt function, so it’s impossible to know what the password actually is even if an attacker gains physical access to the file called 00000000-0000-0000-0000-000000000000.manager.
In this aspect, Manager is as secure as any other server-based software.
Sorry, we don’t provide installation support for CentOS. It should work though, you just need to install Mono Framework on CentOS and launch Manager Server exactly the same way you’d do on Ubuntu.
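The point above about file access, as an added example that is not part of the original posts and is not Manager's own code: since anyone who can read the .manager files gets the data, this check reports a data folder or .manager file that is accessible to any account other than the one running the server. The data folder path and the `expected_uid` parameter are assumptions; the thread does not say where the folder lives or which account runs Manager Server.

```python
import os
import stat
import sys
from pathlib import Path

# Any permission bit granted to group or other counts as exposure.
LOOSE_BITS = stat.S_IRWXG | stat.S_IRWXO


def audit_data_folder(data_dir, expected_uid=None):
    """Return (path, problem) pairs for the data folder and each .manager file.

    data_dir is wherever your Manager Server keeps its data (assumption:
    pass your own path). expected_uid is the account that runs the server;
    it defaults to the user running this script.
    """
    if expected_uid is None:
        expected_uid = os.getuid()
    root = Path(data_dir)
    findings = []
    for path in [root] + sorted(root.rglob("*.manager")):
        st = path.lstat()  # lstat: inspect the entry itself, not a link target
        if stat.S_ISLNK(st.st_mode):
            findings.append((str(path), "symlink, target not checked"))
            continue
        if st.st_uid != expected_uid:
            findings.append(
                (str(path), f"owned by uid {st.st_uid}, expected {expected_uid}"))
        loose = stat.S_IMODE(st.st_mode) & LOOSE_BITS
        if loose:
            findings.append(
                (str(path), f"group/other access bits set: {loose:03o}"))
    return findings


if __name__ == "__main__":
    problems = audit_data_folder(sys.argv[1])
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```

Tight permissions only narrow which local accounts can copy the files; root or anyone with physical access to the disk can still read them, as the answer above says.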