Possible security risk!

[fkoss]

Thank you for your contribution!

I gave it a try but find out, that it stores the users password in plaintext within the .mobileconfig file.
You should never ever store plaintext passwords in text files. In case of some misconfiguration of the webserver some hackers could grab the .mobileconfig file and gain access to the mailbox or whatever this password provides access for.

My second suggestion is to automatically sign the .mobileconfig file by openssl. End users who need a .mobileconfig file due to lack of technical knowledge may trip over the warnings about installing a non-signed config script.

If I've got some minutes left, I would add my suggestions and will let you know about.

Regards, Frank

[paspo]

I absolutely agree with you on never storing plaintext password.

The unencrypted password is stored in the .mobileconfig file but this file is never saved on the server. This file is generated on the fly when the user asks for the download, with the password used in the PHP session. In fact, the download link is valid only inside and authenticated session.

Encrypting the whole payload is the only method supported to avoid plaintext passwords in the .mobileconfig file.
So the support for signing and encryption is the logical path to follow.