Operating System & Version
CentOS v7.9.2009 v100.0.7
cPanel & WHM Version
v100.0.7

adibranch

Member
Apr 7, 2009
8
1
53
Hi,

Just wondering about token access. We have a site on the server that a 3rd party wants access to via an API token. The token key will be stored in plain text on a config fiile in the sites public folder. I am aware that i can create a token in the accounts cpanel, and also within WHM.

I have a couple of questions.

1) If i create a token within the sites cpanel, does this prevent root access to the entire server
2) Is storing the token key in the config file a security risk?

I'm finding conflicting information on th enet and also on here.. The server support says a token created in cpanel will not in any way allow root access. However, i am wary.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,628
363
cPanel Access Level
Root Administrator
Hey there! If the token is created in cPanel, it would only have access to that specific cPanel user, and only access to what that cPanel user can do. If there are additional restrictions on the account, the token wouldn't be able to exceed that. The token can not get root access to the machine - root tokens would need to be created in WHM to have that type of behavior.

More details on the cPanel-side tokens can be found here:

 

adibranch

Member
Apr 7, 2009
8
1
53
Thanks. So there is basically no way that anything can happen outside of that account.. thats good to hear. I guess its still not ideal storing the key in a plain text file though.
 
Last edited:
  • Like
Reactions: cPRex