How/where are the "internal user" passwords stored?

KB Home   |   How/where are the "internal user" passwords stored?

Q I wish to use the internal users feature but have concerns about security. How and where are the user’s passwords stored?

All information associated with an internal user (normally used for guest user account management) is stored in the PaperCut Database. The passwords are not stored in plain text. Passwords are stored as a one-way hash in line with security best practice - a BCrypt sum factored from a combination of username + password + a salt. This use of a secure one-way hash ensures that users’ passwords are kept private even if someone has access to the PaperCut database.

This same security policy applies to the in-built admin password.

The password used for external users (e.g. LDAP or Active Directory) are never stored or cached. All password validation for external users are done with a real-time lookup/query to the external system.


Categories: Security


Keywords: security, password storage

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on April 12, 2016, at 12:03 PM
Printable View   |   Article History   |   Edit Article