Results 1 to 9 of 9

Thread: unsecure cpanel

  1. #1
    Join Date
    Mar 2002
    Posts
    1,003

    unsecure cpanel

    Why is the while creating passwords for FTP and E-mail the passwords are not shadowed? Are they passed to the server as clear text?

  2. #2
    Join Date
    Dec 2001
    Posts
    1,029
    Not shadowed? They should be...

    /etc/proftpd/user has shadowed FTP passwords
    /home/user/etc/shadow has shadowed e-mail passwords
    ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

  3. #3
    Join Date
    Mar 2002
    Posts
    1,003
    Yes, on the server they get shadowed, but while you're typing them in the text fields they aren't. When you click submit they are still clear text.

  4. #4
    Join Date
    Mar 2002
    Location
    New York, NY
    Posts
    410
    CPanel secure port: 2083
    WHM secure port: 2087
    Norm Sherman @ Netacore
    Fast/Reliable cPanel hosting on premium bandwidth
    http://netacore.com

  5. #5
    Join Date
    Mar 2002
    Location
    Mass
    Posts
    726
    Yes, on the server they get shadowed, but while you're typing them in the text fields they aren't. When you click submit they are still clear text.
    Even if it was shadowed, you still could get screwed.
    Jason

  6. #6
    Join Date
    Mar 2002
    Posts
    1,003
    Originally posted by netacore
    CPanel secure port: 2083
    WHM secure port: 2087
    When you say secure do you mean using SSL? As in https://domain:2083/ ?

    If yes then that doesn't work.

  7. #7
    Join Date
    Dec 2001
    Posts
    1,029
    What do you mean that doesn't work?

    You asked why FTP and e-mail passwords are not shadowed, but they are. If you use SSL, they are not passed to the server as clear text. I don't see what the problem is.

    Also, FTP and POP3 are clear text protocols anyway, so I don't see what you're trying to get at.
    Last edited by ToastyX; 08-05-2002 at 09:28 PM.
    ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

  8. #8
    Join Date
    Mar 2002
    Posts
    1,003
    Doesn't work meaning it displays a standard 404 that IE gives.

  9. #9
    Join Date
    Mar 2002
    Posts
    1,003
    Originally posted by ToastyX
    What do you mean that doesn't work?

    You asked why FTP and e-mail passwords are not shadowed, but they are. If you use SSL, they are not passed to the server as clear text. I don't see what the problem is.

    Also, FTP and POP3 are clear text protocols anyway, so I don't see what you're trying to get at.
    I realize that FTP and POP3 are clear text passwords but while creating them in the control panel they are not passed as shadowed passwords.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •