The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Feature Disabled but user can still access it by changing URL

Discussion in 'General Discussion' started by ashii, May 3, 2007.

  1. ashii

    ashii Member

    Joined:
    Sep 26, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    in my WHM "Fetaure manager" I have disable access to MYSQL.
    Now users did not see link for MYSQL in their account but they can stil guerss the url and change it to /frontend/x2/sql/index.html and access it.

    I did not understand why its doing that.
    This will be true for all features disabled through "Feature Manager" ?
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I have submitted a bug entry regarding this issue: http://bugzilla.cpanel.net/show_bug.cgi?id=5333
     
  3. ashii

    ashii Member

    Joined:
    Sep 26, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Until a FIX for this is available do we have a shortcut available?
    May be something like removing sql directory from x2 theme.
    I tried to find on server if I can find a folder that named x2 but did not understand where cpanel theme folder are created?

    Any suggestion is highly appreciated.
     
  4. cpanelgermain

    cpanelgermain Member

    Joined:
    Mar 21, 2006
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Feature Manager

    What features do you turn off most often?

    Thanks
     
  5. ashii

    ashii Member

    Joined:
    Sep 26, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    We want to disable MYSQL and PHPMYADMIN
    NOTE:Uses Accounts will have hidden MYSQL databases but they will not be able to access them their self.

    As a root we can access PHPMYADMIN using WHM.
     
  6. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    Have you considered using the excellent "rvskin" cpanel theme? It has a feature manager that blows the cpanel system out of the water. If you disable a feature in rvskin for an account or package, then the user will not be able to access the feature even if they know the URL.

    Highly recommended! Here's a direct link:

    http://www.rvskin.com/index.php?page=public/features#3
     
  7. ashii

    ashii Member

    Joined:
    Sep 26, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    I did consider but their Interface(as seen on their screen shots ) is too crowdy and I am unable to understand all the Demos they placed on the site(None of them work through)...

    At the same time I don't want to change basic theme as most of users are familiar with it already.What we are looking is just basics that cpanel already provide but just with a bug.
     
  8. ashii

    ashii Member

    Joined:
    Sep 26, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    You reported it as "Enhancement" Bug.
    I think that should be reported as Major bug(major loss of function) as its makes a security problem when you think you have deny the access to MYSQL and users can still access it.
     
  9. ashii

    ashii Member

    Joined:
    Sep 26, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    May 4 Change Log says
    "Added multiple internal checks to determine if a user is allowed to execute functionality base upon the Feature Management system."

    Yes,it is solved now.
     
Loading...

Share This Page