The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Different password for all services

Discussion in 'General Discussion' started by Evan Heidtmann, Mar 31, 2016.

  1. Evan Heidtmann

    Evan Heidtmann Registered

    Joined:
    Mar 31, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Portland
    cPanel Access Level:
    Root Administrator
    Is this still the policy of the cPanel project? I'm concerned that any information disclosure vulnerability that exposes my settings.php file (which contains mysql credentials) could be escalated to a user compromise and arbitrary code execution via an SSH or FTP login.

    Thanks for any advice in using cPanel securely, in this and other situations.

    Evan
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I moved this post to it's own thread.

    Yes, by default, the MySQL password for the cPanel username matches the password for the corresponding MySQL username. It's a good idea to use a separate MySQL database username for your database as opposed to the cPanel username of the account to prevent the behavior you are referring to from happening. In addition, should you decide to change the default MySQL password for an account, you can do so via:

    "WHM Home » SQL Services » Change MySQL User Password"

    Thank you.
     
Loading...

Share This Page