WebMail Pro documentation

Using salt for protecting passwords

In WebMail Pro, we protect user and admin passwords by encrypting them with the use of salt. The salt is stored in data/salt8.php file, its location cannot be changed - unless you move the data directory itself elsewhere as shown here.

When the installation is deployed and you start using it, the file will be created automatically. It's practically safe to state that salt value is unique for each installation.

While it's possible to delete salt file and have it recreated, this is NOT recommended. Changing the salt value makes it impossible to decrypt passwords stored in the database. Once you log into your account, password will be encrypted with new salt and updated in the database. But if you add accounts to your primary one, there's currently no way to update their passwords, The only option available is to remove an account and add it again.

If you cannot log into adminpanel after changing salt value, you can reset password as described here.