Require Password For Special FTP Accounts Configuration File Downloads
Good evening.
The FTP/SFTP configuration files in cPanel are great and useful though Panic Transmit or Terminus are still missing.
However, downloading the Special FTP Accounts file should require the cPanel account’s primary account password.
Let's look at this scenario that has actually happened.
cPanel doesn't trigger any notification alert on S/FTP connects and still doesn't have a way of creating additional port 2083 accounts with fine-tuned privileges.
A customer ends up giving his or her developer access to cPanel, and the developer downloads this file.
After the developer has done his work and access to 2083 has been terminated, the developer can access data at will without anyone being the wiser.
This will occur whether the machine has a password disabled or not.
If anyone can download this file at will, it kinda negates the whole idea of the principle of least privilege.
Thanks.
The file downloaded for FTP configuration does not include the password, but do note that when you're providing access to the Special FTP account you are providing access to the cPanel user's privileges. To resolve this you'd need to change the password for the user. If we're understanding this request properly, what you're requesting is better control over the login/authentication
Hi Lauren.
We are speaking as a hosting provider that offers cPanel to customers or uses cPanel for mass hosting.
As you already know, humans are still the weakest link in any security chain.
So despite best efforts to educate users, there are things that a server admin can't control, and this is just one of them.
The best cPanel can do to help these kinds of users (and admins too) will be to find a way to enforce and/or implement the time-tested principle of least privilege for access and authentication in cPanel.
Add:
This, along with re-authentication for download requests, will be a good place to start.
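A sketch of the re-authentication-before-download control requested in this thread, added here as an illustration; it is not cPanel's code and nothing in the product works this way. The in-memory account store, the PBKDF2 password hash, the five-minute freshness window and the audit log are all assumptions made for the example. The idea is that a live port-2083 session is not enough to pull the Special FTP Accounts configuration file: the account's primary password must have been re-entered recently, and every attempt (denied or served) leaves a record.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Optional

# Assumption for this example: a download of the Special FTP Accounts
# configuration file is only honoured if the cPanel account's primary
# password was re-entered within the last REAUTH_WINDOW_SECONDS.
REAUTH_WINDOW_SECONDS = 300
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Return (salt, PBKDF2-HMAC-SHA256 digest) for a password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of the candidate digest against the stored one."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    username: str
    host: str
    salt: bytes
    digest: bytes


@dataclass
class Session:
    """A port-2083 login. last_primary_auth stays None until the password is re-entered."""
    account: Account
    last_primary_auth: Optional[float] = None


# Constructed audit trail; a real deployment would write to syslog or similar.
AUDIT_LOG: list[str] = []


def reauthenticate(session: Session, password: str, now: Optional[float] = None) -> bool:
    """Step-up check: only a correct primary password refreshes the session's auth time."""
    now = time.time() if now is None else now
    ok = verify_password(password, session.account.salt, session.account.digest)
    AUDIT_LOG.append(f"{now:.0f} reauth user={session.account.username} result={'ok' if ok else 'fail'}")
    if ok:
        session.last_primary_auth = now
    return ok


def render_ftp_config(account: Account) -> str:
    """The file carries host and user name but no password, as noted in the thread."""
    return f"[{account.username}]\nhost={account.host}\nuser={account.username}\nport=21\n"


def download_special_ftp_config(session: Session, now: Optional[float] = None) -> str:
    """Serve the config only if the primary password was confirmed within the window."""
    now = time.time() if now is None else now
    last = session.last_primary_auth
    if last is None or now - last > REAUTH_WINDOW_SECONDS:
        AUDIT_LOG.append(f"{now:.0f} download denied user={session.account.username} reason=reauth_required")
        raise PermissionError("re-enter the cPanel account password to download this file")
    AUDIT_LOG.append(f"{now:.0f} download ok user={session.account.username} file=special_ftp_config")
    return render_ftp_config(session.account)


def make_account(username: str, host: str, password: str) -> Account:
    salt, digest = hash_password(password)
    return Account(username, host, salt, digest)


if __name__ == "__main__":
    # Constructed sample: a developer holding a live session but not the password.
    acct = make_account("examplecpuser", "ftp.example.com", "correct horse")
    sess = Session(acct)
    try:
        download_special_ftp_config(sess, now=1000.0)
    except PermissionError as exc:
        print("denied:", exc)
    reauthenticate(sess, "correct horse", now=1000.0)
    print(download_special_ftp_config(sess, now=1010.0))
    print("\n".join(AUDIT_LOG))
```

The window is deliberately short: a session that was re-authenticated an hour ago is treated exactly like one that never was, so a developer who inherits an open browser tab still cannot export the file without the owner's password.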