bubba_nuts Posted April 17, 2003

I just submitted my first help ticket, and I was a bit surprised to find that the "Cpanel Password" field is just a plain old text field. Is there a reason that it isn't a standard password field so everything is asterisk-ed out? I found myself looking over my shoulder as I filled out my ticket, knowing that someone would have full access to my site's admin interface with that password.

Head Guru Posted April 17, 2003

We parse the data over HTTPS 128-bit encrypted connections. TCH has no control over the Help Desk Software; it is made by a third party (PerlBill). We don't own the rights to the software. It's not freeware. I do see your point; however, we give you full control over changing your password at ANY TIME via the control panel.

borfast Posted May 2, 2003

Hi guys. Bill, I understand bubba_nuts' worries - wouldn't it be as simple as changing the HTML to something like <input type="password" ..... > in the login form? Or is that a violation of the PerlBill license agreement? I suppose it is or you guys would have already changed it...

TCH-Rick Posted May 2, 2003

Even if we could rewrite the code to change the input type (which I would suspect is a violation of the EULA), I don't think there is a confirm password box, so we would have even more cases where the password is incorrect, which results in a delay in responding. By showing the password you can be sure you've entered it correctly. As Bill mentioned, after the ticket is addressed it is easy to change the password via cPanel, and it is probably a good idea to do so regularly anyway.

While we're discussing safe computing practices, another nice feature of cPanel is the Backup command. If your finger slips in File Manager and you delete your public_html directory, it's much easier to restore a backup than rebuild.

matman Posted May 2, 2003

Also, keep in mind that the asterisks literally only protect you from someone looking over your shoulder -- the contents are still passed to the server exactly the same way any normal text field would be.

Head Guru Posted May 3, 2003

> Also, keep in mind that the asterisks literally only protect you from someone looking over your shoulder -- the contents are still passed to the server exactly the same way any normal text field would be.

But they are parsed under 128-bit security.

matman Posted May 3, 2003

True, they are passed under 128-bit SSL. I was just pointing out that they aren't any more (or less) secure than any other part of the form. The only thing the asterisks do is hide it on the screen so other people looking at it can't see (oh, and they make it harder to type, too!).

Head Guru Posted May 3, 2003

> True, they are passed under 128-bit SSL. I was just pointing out that they aren't any more (or less) secure than any other part of the form. The only thing the asterisks do is hide it on the screen so other people looking at it can't see (oh, and they make it harder to type, too!)

Good point. I make everyone leave the building when I type my password in a form. :) :)

borfast Posted May 5, 2003

I didn't say it was a huge security bug, I only asked that because I was curious. Anyway, it would indeed be a violation of the EULA, as Rickvz said, so we can all forget about that.