Hello,
I think we have a big security problem with cPanel; in fact, we have user "root" enabled with web interface login.
It's too much for me: the best is, during installation, to create an unprivileged user, like "john", and if John want to use some command, need to use sudo or su.
But a form with user "root" enabled is not safe in my opinion. I use a key for ssh, we need to think a "key" system or "two steps authentication with email or mobile phone".
What do you think? I'm just paranoid or it's a real problem?
I think we have a big security problem with cPanel; in fact, we have user "root" enabled with web interface login.
It's too much for me: the best is, during installation, to create an unprivileged user, like "john", and if John want to use some command, need to use sudo or su.
But a form with user "root" enabled is not safe in my opinion. I use a key for ssh, we need to think a "key" system or "two steps authentication with email or mobile phone".
What do you think? I'm just paranoid or it's a real problem?