Web Hosting Talk






PDA

View Full Version : WHM/Cpanel logins: Do you redirect to SSL?

charlier
05-09-2009, 10:00 AM
Hi,

Just looking to see how the rest of the cpanel hosting companies out there handle their cpanel and whm logins for their shared and reseller clients?

Do you even allow non secure logins?

Do you redirect to your SSL'd domain?

Do you use the origin domain and just let the browsers complain?

I'm torn on which way is best, as most resellers prefer to not let their clients know they are reselling.

I do and am using a anon domain for my server side activies, so I suppose it wouldn't be terrible to redirect to the ssl'd domain.

Any insight on how you guys do it would be beneficial. I also wouldn't mind to hear from anyone who has a reseller account as well.

Thanks,
IGXHost
05-09-2009, 11:17 AM
Yes, we allow non-secure logins but that's to the client's discretion. Some people don't like using secured logins due to speed and browser issues.
njoker555
05-09-2009, 01:32 PM
Yes, we allow non-secure logins but that's to the client's discretion. Some people don't like using secured logins due to speed and browser issues.

same here - it really don't make a huge difference unless you have a couple of hackers on your tail. right now you should allow the client to decide and then later on you can forward if you see things changing. really up to you on how you want to function
txitcs
05-09-2009, 01:44 PM
Yes, we allow non-secure logins but that's to the client's discretion. Some people don't like using secured logins due to speed and browser issues.

I do the same thing for the same reasons.
FazeWire
05-09-2009, 08:51 PM
We use secure redirects, but tell the customers the insecure URL if they prefer.
jayh
05-10-2009, 01:56 AM
We tried the forced SSL redirect and too many people complained. Instead, we have informed our customers of the various ways they may choose to access either WHM or Cpanel and also the benefit of using SSL.
LoganNZ
05-10-2009, 05:25 AM
Yeah I set up optional with all my clients servers also, we had 1,200 complaints in a matter of hours from one batch change across 28+ box's. heh, we changed it back fairly quickly :P
charlier
05-10-2009, 07:46 AM
Thanks guys...

When we where only doing shared accounts, it was forced redirect, and namely I don't think it mattered to those clients, cause they already knew they where on my server, so it all just worked out.

Right now I'm using redirect to SSL but from origin hostname, but since FF3 and ie7 are so common, they really let the client know it's a bad idea.

But now that we are doing reselling, I see this being an issue for them not wanting our named to show up on important things like logins.

I'll make sure to modify my templates to warn about the dangers of non secure logins, and the choices they have.

Thanks for the input.