Help Desk Tickets - Password Security


bubba_nuts

I just submitted my first help ticket, and I was a bit surprised to find that the "Cpanel Password" field is just a plain old text field. Is there a reason that it isn't a standard password field so everything is asterisked out? I found myself looking over my shoulder as I filled out my ticket, knowing that someone would have full access to my site's admin interface with that password.


We parse the data over HTTPS 128-bit encrypted connections.

TCH has no control over the Help Desk Software; it is made by a third party (PerlBill). We don't own the rights to the software. It's not freeware.

I do see your point, however we give you full control over changing your password at ANY TIME via the control panel.


  • 3 weeks later...

Hi guys.

Bill, I understand bubba_nuts' worries - wouldn't it be as simple as changing the HTML to something like <input type="password" ..... > in the login form? Or is that a violation of the PerlBill license agreement? I suppose it is or you guys would have already changed it... :wacko:


Even if we could rewrite the code to change the input type (which I would suspect is a violation of the EULA), I don't think there is a confirm password box, so we would have even more cases where the password is incorrect, which results in a delay in responding. By showing the password you can be sure you've entered it correctly.

As Bill mentioned, after the ticket is addressed it is easy to change the password via cPanel, and it is probably a good idea to do so regularly anyway.

While we're discussing safe computing practices, another nice feature of cPanel is the Backup command. If your finger slips in File Manager and you delete your public_html directory, it's much easier to restore a backup than rebuild. :wacko:


Also, keep in mind that the asterisks literally only protect you from someone looking over your shoulder -- the contents are still passed to the server exactly the same way any normal text field would be.

But they are parsed under 128-bit security.


True, they are passed under 128-bit SSL.

 

I was just pointing out that they aren't any more (or less) secure than any other part of the form. The only thing the asterisks do is hide it on the screen so other people looking at it can't see (oh, and they make it harder to type, too!)

Good point.

 

I make everyone leave the building when I type my password in a form.

 

:) :) :) :)


I didn't say it was a huge security bug, I only asked that because I was curious.

 

Anyway, it would indeed be a violation of the EULA, as Rickvz said, so we can all forget about that :D
