0006019: Why does SOGo store SQL username and plain password in SQL table `sogo_folder_info`? - SOGo

ID	Project	Category	View Status	Date Submitted	Last Update

0006019	SOGo	Backend General	public	2024-09-05 09:14	2024-09-05 09:14

Reporter	zhb	Assigned To
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	new	Resolution	open

Summary	0006019: Why does SOGo store SQL username and plain password in SQL table `sogo_folder_info`?
Description	SOGo is working and configured to use MariaDB as backend SQL database. But why does it store SQL username and plain password in SQL table `sogo_folder_info`, columns `c_location`, `c_quick_location` and `c_acl_location`? I understand it needs SQL access, but can we keep SQL username and passwords in just sogo config file `/etc/sogo/sogo.conf`? Similar issue, while backup sogo data for user with LDAP backend, it dumps full LDAP data of this user in stored in backup file (`ldif_record`), is it really necessary? [sogo]> select * from sogo_folder_info \G ... ************************* 10. row ************************* c_folder_id: 80 c_path: /Users/user@domain.com/Calendar/E1DA9094-8403-4B4B-944E-551C8CAAD530 c_path1: Users c_path2: user@domain.com c_path3: Calendar c_path4: E1DA9094-8403-4B4B-944E-551C8CAAD530 c_foldername: Test c_location: mysql://sogo:<plain-password>@127.0.0.1:3306/sogo/sogouseriredm001411be28d c_quick_location: mysql://sogo:<plain-password>@127.0.0.1:3306/sogo/sogouseriredm001411be28d_quick c_acl_location: mysql://sogo:<plain-password>@127.0.0.1:3306/sogo/sogouseriredm001411be28d_acl c_folder_type: Appointment
Tags	No tags attached.

Date Modified	Username	Field	Change
2024-09-05 09:14	zhb	New Issue