1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

enable/disable demo mode?

Discussion in 'General Discussion' started by chadi, May 6, 2004.

  1. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    424
    Likes Received:
    0
    Trophy Points:
    0
    What is the absolute purpose of enabling/disabling demo mode for an account in WHM? I have an account I setup for control panel demo (I used demo.com) and provided a username/password simply "demo" and "demo" but is there another reason to have the demo mode enabled?
     
  2. chirpy

    chirpy Super Moderator

    Joined:
    Jun 15, 2002
    Messages:
    13,499
    Likes Received:
    14
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Not that I know of.
     
  3. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    424
    Likes Received:
    0
    Trophy Points:
    0
    anyone else know?
     
  4. SarcNBit

    SarcNBit Active Member

    Joined:
    Oct 14, 2003
    Messages:
    1,015
    Likes Received:
    3
    Trophy Points:
    38
    Know what? The *absolute* purpose?

    Use you imagination and come up with new ideas.

    It is there so you can give people a "tour" or DEMOnstration of the kind of GUI based configuration they can expect once they sign up for an account.

    Maybe you want to use it for training purposes?

    Use it as wallpaper?
     
  5. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    424
    Likes Received:
    0
    Trophy Points:
    0
    Swallow your sarcasm and re-read my first post. I specifically said I already setup an account with username/password demo. I even enabled the account to demo mode and found no difference at all. How's that sound to you mr.perfect?
     
  6. SarcNBit

    SarcNBit Active Member

    Joined:
    Oct 14, 2003
    Messages:
    1,015
    Likes Received:
    3
    Trophy Points:
    38
    So you are saying that setting up an account with a username and password of demo/demo apparently automatically places the account in demo mode? If that is true (I have not tried it), that is a feature I was unaware of (How's that for perfect?).

    If that is what it is doing then I imagine that they are simply using logic within the account creation script to check the name and flag the account. I will have to look for this. In that case there would in fact be no difference (other than account names) between named demo/demo accounts and flagged as demo accounts.

    Looking past coonfirmation of that logic, feel free to weigh in with any other uses you can come up with for demo accounts. :p
     
  7. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    424
    Likes Received:
    0
    Trophy Points:
    0
    If you cannot reply a post with sensitivity and politeness don't respond at all. You lack that logic for sure.
     
  8. chirpy

    chirpy Super Moderator

    Joined:
    Jun 15, 2002
    Messages:
    13,499
    Likes Received:
    14
    Trophy Points:
    38
    Location:
    Go on, have a guess
    chadi,

    It's sarcasm, not a personal attack on you.

    You have to admit that asking a question about what's the reason for having a demo account, is somewhat funny. The obvious, and pretty much only, answer that's going to pop into most peoples mind is "erm, it's for a demo account, to demonstrate cPanel".

    I don't think there's any hidden agenda behind a demo account.
     
  9. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    424
    Likes Received:
    0
    Trophy Points:
    0
    The reason I asked that is because I tested it in enabled and disabled mode and found no difference at all. That's the question "why" here.
     
  10. SarcNBit

    SarcNBit Active Member

    Joined:
    Oct 14, 2003
    Messages:
    1,015
    Likes Received:
    3
    Trophy Points:
    38
    I misunderstood the intent of your original question until you further explained it in your reply to me. I then posted a very polite reply (sorry you are on your own for the sensitivity pal) and was at some point this evening going to followup with my findings.

    I can only assume that english is not your primary language and that you are severly misinterpreting my replies.

    Take a few deep breaths and try not to insult people going out of their way to help you.
     
  11. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    424
    Likes Received:
    0
    Trophy Points:
    0
    Take a look again at your FIRST post. Your insults were not necessary. I speak English very well for your information. Telling me to use my imagination to come up with new ideas doesn't answer my question.
     
  12. Tom Pyles

    Tom Pyles Member

    Joined:
    Apr 26, 2002
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    Not to enter into the scrap going on in this thread, but could anyone explain the security behind the demo accounts. It was an issue I used to hear a lot about.....having a demo was a severe security risk. Is that still the case or has it been successfully hardened?
     
  13. SarcNBit

    SarcNBit Active Member

    Joined:
    Oct 14, 2003
    Messages:
    1,015
    Likes Received:
    3
    Trophy Points:
    38
    Fair enough. I am sure that what you wrote in your first reply made perfect sense to you when you wrote it. It was not very clear to me (I cannot speak for anyone else). It became clear to me what you were saying only after you further explained your question in your first reply to me.

    Being defensive in not going to help you get the answers you seek. Telling you to use your imagination was humor. Calling you names and telling you that you lack logic would have been insulting.

    I did a check test and did not experience the same results as you. I was able to use demo/demo as a username and password without having the account in demo mode. Looking through wwwacct, the only username restrictions that are clear to me are prohibitions on:

    test*
    >8 characters
    begining with a number
    containing a dash
    containing an underscore
    beginning with a dot

    I did not see anything that would lead me to believe that demo as a username automatically forces an account to demo mode. Granted, with your attitude I did not check very hard, but I wanted to see if such an instruction existed for myself (and more appreciative members of this forum).

    What I would like to know (and it might answer the question in the last post as well) is what script gets executed when you place an account in demo mode. I did not take the time to follow up on that one (I was being lazy again chirpy ;) ).
     
  14. dgbaker

    dgbaker Moderator

    Joined:
    Sep 20, 2002
    Messages:
    2,776
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    I can answer parts of this.

    Code:
    http://server.domain.com:2086/scripts/dodemoacct?user=userid&act=Enable
    This is how an account gets in demo mode. The dodemoacct script though is part of the whm binaries and cannot be accessed.

    Demo mode is exactly the same as a real account with only a few minor exceptions, the biggest one is not being able to create files. You can though still create databases and such.

    (not to be a plug but) this is one of the reasons we started cpaneldemos.com

    Hope this helps clear some things up.
     
  15. SarcNBit

    SarcNBit Active Member

    Joined:
    Oct 14, 2003
    Messages:
    1,015
    Likes Received:
    3
    Trophy Points:
    38
    Thank you. You saved me a few empty follicles ;)
     
  16. dgbaker

    dgbaker Moderator

    Joined:
    Sep 20, 2002
    Messages:
    2,776
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    Anything to save the hair. :)
     
  17. DuxAranea

    DuxAranea New Member

    Joined:
    May 1, 2004
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Anyone know any other differences in demo mode, or is not being able to create files the only thing?
     
  18. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    710
    Likes Received:
    2
    Trophy Points:
    18
    Some things you can do is:
    Assuming an account name of 'demo':

    1) Set the email accounts it can create to 0 so that only the system user is able to send mail.

    2) disable that system user from sending mail by doing this:

    In /etc/exim.pl in the checkuserpass funtion add this line after the $user if modified:
    Code:
       $user =~ s/\%/@/g;
       $user = 'GoAwayLuser' if $user eq 'demo';
    
    IE it should look like this:
    Code:
    sub checkuserpass {
       my($user,$pass,$shift) = @_;
       my($domain);
       my($owner,$homedir,$uid,$gid);
       if ($user eq "" || ($user eq $pass && length($shift)>0)) { #netscape sucks!
          $user = $pass;
          $pass = $shift;
       }
             
       $user =~ s/\%/@/g;
       $user = 'GoAwayLuser' if $user eq 'demo';
    ...
    
    This may not be 100% effective as there is still PHP scripts running as nobody that they could use, so it'd be good to tighten down your PHP install as well.
     
  19. SarcNBit

    SarcNBit Active Member

    Joined:
    Oct 14, 2003
    Messages:
    1,015
    Likes Received:
    3
    Trophy Points:
    38
    Thank you for the post. This is the first post I can remember seeing by a cpanel staffer acknowledging security issues within demo enabled accounts.

    I suppose that their may be people out there that want to demo email account creation via a cpanel demo account, but I would think those people are in the minority versus cpanel admins that want to be able to offer a secured demo experience. A number of people have begun offering flash or screenshot based demos. That may be fine for showing the email account creation functions. It is not quite the same as allowing a potential user to "walk through" the interface.

    Is there any work underway on a "one click" secured demo experience?

    When do you think that cpanel.net is going to once again offer access to a demo?
     
  20. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    710
    Likes Received:
    2
    Trophy Points:
    18
    No problem, I've seen several people wondering about it and the fact is you have to think of the demo account as giving a system account out to people, because that is what you are doing.
    In other words, the account isn't insecure so much as giving out the user and pass out to the world is :)
    So anything you can do to tighten security up will help but as usual not giving access will help more :)
    No idea on either question , I'm not a developer :)
     

Share This Page