With Security Tokens forced on - Nothing can be bookmarked!

[wdwms]

Greetings,
For years we've had all sorts of URLs bookmarked in cpanel for easy access: email, awstats, mysql, etc. However with the release of 11.38, Security Tokens is turned on and can not be turned off. As a result, nothing can be bookmarked as the URL now has the cpsession number in it. This results in us having to re login every time, navigate through the cpanel menus, etc.

Is there any solution to allow quick and easy access to the items we have book marked? Its one thing to have to type a password to access, but another to have to click through 3-4 screens!

Thanks!

-t

 

[Infopro]

Sure, the search box, top left corner. Once you typed in email, clicked it in result, next time you login it's listed on the Frequently Accessed Areas box, just below the search.
Step one, login. Step 2 click FAA link. Best part is, you're secured.


Probably not what you're hoping for I bet, but that's the preferred way I would think, for security reasons.

 

[wdwms]

Not what we want at all.. that still is too many clicks.. we used to be able to hit a book mark and easily bring up pages. Additionally, some of our admins don't need to see all the other options, the just want to see stats or such. Now we have to rout them through something that could cause them to click on crap they don't need to touch.

For example, in the past, a marketing person just had a link to the AWstats. He had the id/password, would click the bookmark we gave him, review the stats and he was done.

now its a disaster.. there has got to be a better solution for this!

 

[Infopro]

He had the id/password, would click the bookmark we gave him, review the stats and he was done.

But he still has access to the entire account, never the less. And the connection is properly secured.

Please feel free to open a Feature Request for less clicks here if you like:
http://forums.cpanel.net/cpfeatures.php

Thanks!

 

[cPanelNick]

You should still be able to bookmark the page with security tokens. You will just need to reauthenticate if the security token does not match so a new one can be generated.

Which browser are you using?

Thanks

 

[wdwms]

You should still be able to bookmark the page with security tokens. You will just need to reauthenticate if the security token does not match so a new one can be generated.

Which browser are you using?

Thanks

Because CPSession is now in the URL, the bookmarks are invalid. And the redirection from Cpanel does not redirect you to the correct URL. It does work for PHPmyadmin (from WHM) but awstats does not work

I understand security, i work in it full time for a major software company, but this is a terrible implementation.

 

[cPanelNick]

Because CPSession is now in the URL, the bookmarks are invalid. And the redirection from Cpanel does not redirect you to the correct URL. It does work for PHPmyadmin (from WHM) but awstats does not work

I was not able to replicate this problem in any of our testing enviorments. Would you kindly open a ticket using the link in my signature so we can help disanose this?

I understand security, i work in it full time for a major software company, but this is a terrible implementation.

If you have a method of implementing xsrf protection without the need to make sweeping changes that will also work for third party integrators, we would be very intrested in learning about it.
Thanks

 

[wdwms]

I was not able to replicate this problem in any of our testing enviorments. Would you kindly open a ticket using the link in my signature so we can help disanose this?

If you have a method of implementing xsrf protection without the need to make sweeping changes that will also work for third party integrators, we would be very intrested in learning about it.
Thanks

Nick, i've gone ahead and opened the support request for you: 4080751

As for giving you ideas; our software does 1 thing - Single Sign on for enterprise wide infrastructures and web apps. I can't divulge any information but there are better ways to do this. Hope you can respect my position.

Thanks

 

[c4n]

Same here, the bookmarked URLs don't work anymore because of the "token doesn't match" error.

I understand tokens are required to fight CSRF, but it's annoying and there really should be a way of turning tokens off for users who know why they want that.

 

[c4n]

Great, and it also won't let me downgrade to 11.36.1.5

 

[JaredR.]

Can you try turning off Enable HTTP Authentication in Home » Server Configuration » Tweak Settings? The link should work with that disabled.

 

[Jeet]

Same issue here..

What was wrong with making this feature optional as before? Those who think they need additional security could have opted for it anyway. Please bring this option back in "tweak settings".