The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Poll - Having access to client's passwords

Discussion in 'General Discussion' started by imagic, Aug 4, 2003.

?

Root should have access to each account's password

  1. I totally agree

    130 vote(s)
    54.4%
  2. I totally disagree, and my reasoning is in the below post

    80 vote(s)
    33.5%
  3. I don't care

    12 vote(s)
    5.0%
  4. We never have problems, so we don't need access to clients' accounts

    17 vote(s)
    7.1%
  1. imagic

    imagic Well-Known Member

    Joined:
    Jan 16, 2003
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    16
    Please vote.

    cPanel.net Support Ticket Number:
     
  2. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    The only way you could have access to the clients password is if the password is stored as plain text or is decryptable - this is a very BAD idea.

    Currently all Control Panels use one-way hash to encrypt passwords. cPanel would be VERY INSECURE if it adopted this.

    cPanel.net Support Ticket Number:
     
  3. NeutralGold

    NeutralGold Well-Known Member

    Joined:
    Jun 5, 2002
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    I don't see the point in having the clients password, You can access his files, Cpanel & databases and thats all you really need..

    cPanel.net Support Ticket Number:
     
  4. imagic

    imagic Well-Known Member

    Joined:
    Jan 16, 2003
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    16
    Michael,
    I sincerely want to understand this thinking. Can you give me an example of a situation where somebody is able to get passwords, but not root access?

    cPanel.net Support Ticket Number:
     
  5. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    It is quite easy for a user to get access to read a file - there are numerous posts on this forum that tell you how to read /etc/passwd. The only safe password is a one-way hash. My main source of income is writing ecommerce software, you just do not use decryptable passwords.

    cPanel.net Support Ticket Number:
     
  6. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    I agree with rs-freddo, this is a terrible idea, cpanel uses the systems hash thats in /etc/shadow. Like rs-freddo said you cannot just decrypt these, you have to brute force them. So cPanel would have to store these.

    Ask you client for his password, it's a extra level of security.

    cPanel.net Support Ticket Number:
     
  7. Sash

    Sash Well-Known Member

    Joined:
    Feb 18, 2003
    Messages:
    252
    Likes Received:
    0
    Trophy Points:
    16
    Never sacrifice security for convenience.

    Mike

    cPanel.net Support Ticket Number:
     
  8. Triden

    Triden Member

    Joined:
    Apr 19, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    You can login to your clients account by using your root password. Why would you want his password?

    cPanel.net Support Ticket Number:
     
  9. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    And do not increase your own responsibilities when there is no need to.

    cPanel.net Support Ticket Number:
     
  10. I-Web

    I-Web Well-Known Member

    Joined:
    Jul 7, 2003
    Messages:
    138
    Likes Received:
    0
    Trophy Points:
    16
    am i able to access my clients cPanels without there passwords?

    If so how :S?

    cPanel.net Support Ticket Number:
     
  11. Triden

    Triden Member

    Joined:
    Apr 19, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    http://theirdomain/cpanel/

    then use their username and your root password.

    cPanel.net Support Ticket Number:
     
  12. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Or, if one is a Reseller, you can use your Reseller PW instead of root PW.

    One must remember as well, when accessing any Cpanel and regardless of what ID / PW is used, the next time after you've used it, it is your IP address that will show in the: Last login from

    This can be confusing to the Client as they will know it is not 'their' IP address and they may think they were hacked.

    cPanel.net Support Ticket Number:
     
  13. FWC

    FWC Well-Known Member

    Joined:
    May 13, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ontario, Canada
    I've found using https://theirdomain.com:2083/ helps here. People don't seem to get as excited about seeing the last user as "localhost" as they do about a strange IP/domain. :)
     
  14. Host4u2

    Host4u2 Well-Known Member

    Joined:
    Mar 24, 2002
    Messages:
    248
    Likes Received:
    0
    Trophy Points:
    16
    I understand the wanting the convenience of seeing the passwords. However, the trade off for the convenience heavily compromises the security of all accounts on the server. We have realized that our clients feel much more secure in knowing only THEY know their passwords. Also, when necessary, we only ask for a client's password via a secured page via our helpdesk (never via email, etc.). Even our initial new account setup email strongly suggests they change their password immediately... and goes on to suggest using a combination of "AlPha2numBer^Symbols"

    -Host4u2
    "How does it feel to want?"

    cPanel.net Support Ticket Number:
     
    #14 Host4u2, Aug 7, 2003
    Last edited: Aug 7, 2003
  15. rumonet

    rumonet Member

    Joined:
    Feb 3, 2003
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    You can login to your clients account by using your root password

    cPanel.net Support Ticket Number:
     
  16. perfectsquare

    perfectsquare Active Member

    Joined:
    Sep 11, 2002
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    I don't think anyone has stated (what I think is) the primary reason for an admin not to be able to see the user's password.

    A lot of people use the same password for multiple things...hosting account, credit card login, PIN number, what have you. So, if you knew your customer's password for their account on your server, you might also have their password for many other things. Make sense?

    cPanel.net Support Ticket Number:
     
  17. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    I agree with that statement. Not very many people like to have a pile of different passwords.

    cPanel.net Support Ticket Number:
     
  18. lowspeed

    lowspeed Active Member

    Joined:
    Aug 13, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    IT woudl be nice if we could have a forgot password function.


    To email the user a new password to the accounts email.

    cPanel.net Support Ticket Number:
     
  19. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lewisville, Tx
    I prefer not to save customer passwords. If we need to help with something in Cpanel all you have to have is their username and the root password. This combined with a secure login is a much better solution. This also lets the customer know that you were in their Cpanel and they know you were working on something. This has been helpful with our customers that had issues as they felt very comforted that we did login with master logins instead of theirs.

    cPanel.net Support Ticket Number:
     
  20. GetWired

    GetWired Active Member

    Joined:
    Aug 4, 2003
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    I learned to just login using https. It shows as localhost instead.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page