ispCP - Board - Support
1.0.3 - suggestions to next versions - Printable Version



1.0.3 - suggestions to next versions - koffu - 01-09-2010 10:21 AM

Hello all!

First of all, I want to say many thanks to the development team. :)
Second, I'd like to express my opinion about some things in the new versions of the panel.

After the upgrade to 1.0.3 I did not like phpMyAdmin vs FileManager on the admin login page. WebMail is a nice idea, but the same cannot be said about the rest, I think, because sometimes I see brute-force attempts and attempts to find the phpMyAdmin location.
Please see new look in attachment.

My patch is:

Code:
--- /var/www/ispcp/gui/themes/omega_original/index.tpl.orig    2010-01-09 01:39:17.000000000 +0200
+++ /var/www/ispcp/gui/themes/omega_original/index.tpl    2010-01-09 01:55:10.000000000 +0200
@@ -81,14 +81,7 @@
       <tr>
        <td width="244" align="right" class="login"><table width="300" border="0" cellspacing="2" cellpadding="2">
   <tr>
-    <td align="center" width="100"><a href="{TR_PMA_SSL_LINK}" target="_self" title="phpMyAdmin"><img src="{THEME_COLOR_PATH}/images/login/phpmyadmin.png" width="28" height="30" border="0" alt="phpMyAdmin"></a></td>
-    <td align="center" width="100"><a href="{TR_FTP_SSL_LINK}" target="_self" title="Filemanager"><img src="{THEME_COLOR_PATH}/images/login/filemanager.png" width="33" height="30" border="0" alt="Filemanager"></a></td>
-    <td align="center" width="100"><a href="{TR_WEBMAIL_SSL_LINK}" target="_self" title="WebMail"><img src="{THEME_COLOR_PATH}/images/login/webmail.png" width="32" height="30" border="0" alt="WebMail"></a></td>
-  </tr>
-  <tr>
-    <td align="center" width="100"><a class="login" href='{TR_PMA_SSL_LINK}'>phpMyAdmin</a></td>
-    <td align="center" width="100"><a class="login" href='{TR_FTP_SSL_LINK}'>Filemanager</a></td>
-    <td align="center" width="100"><a class="login" href='{TR_WEBMAIL_SSL_LINK}'>WebMail</a></td>
+    <td align="left" width="100"><a href="{TR_WEBMAIL_SSL_LINK}" target="_self" title="WebMail"><img src="{THEME_COLOR_PATH}/images/login/webmail.png" width="32" height="30" border="0" alt="WebMail"></a><a class="login" href='{TR_WEBMAIL_SSL_LINK}'>WebMail Access</a></td>
   </tr>
</table></td>
        <td width="197" align="right" class="login" style="vertical-align:top;">Powered by <a class="login" href="http://www.isp-control.net" target="_blank">ispCP Omega</a></td>
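
Review bot: removing the phpMyAdmin and Filemanager cells from index.tpl only takes the links off the login page; nothing in this hunk changes what {TR_PMA_SSL_LINK} and {TR_FTP_SSL_LINK} point to, so if the aim is to cut down on probing, those locations need a separate access restriction. In the added <td>, the icon and the text are two adjacent anchors to the same {TR_WEBMAIL_SSL_LINK}, one with a double-quoted href and one with a single-quoted href; a single <a class="login"> wrapping both the <img> and the "WebMail Access" text would be simpler, and width="100" on what is now the only cell of a 300-wide table should be rechecked.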

With every version I am changing
Code:
/etc/apache2/sites-available/00_master.conf

So, I made a few changes and now file is:

Code:
<VirtualHost 192.168.0.1:80>

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

... skipped...
</VirtualHost>

Code:
<VirtualHost 192.168.0.1:443>

SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

... skipped...
</VirtualHost>

Now the admin panel, phpMyAdmin, webmail and file manager are working via SSL.


RE: 1.0.3 - suggestions to next versions - joximu - 01-10-2010 09:38 AM

Hi

the three symbols (webmail, webftp and pma) were added this year... so we won't kick them again :-)

but - maybe we need a switch/config option to let the admin decide which shortcuts should be displayed.

But on the other side: every admin can configure its own front page... :-)

/J


RE: 1.0.3 - suggestions to next versions - MicCo - 01-10-2010 09:31 PM

(01-10-2010 09:38 AM)joximu Wrote:  Hi

the three symbols (webmail, webftp and pma) were added this year... so we won't kick them again :-)

but - maybe we need a switch/config option to let the admin decide which shortcuts should be displayed.

But on the other side: every admin can configure its own front page... :-)

/J

Yeah, joximu is right, given that some of us were also liking the "Your IP are : xxx.xxx.xxx.xxx and logget" but had to see that it is gone. :-P


RE: 1.0.3 - suggestions to next versions - kilburn - 01-10-2010 10:20 PM

"security through obscurity" is never *real* security...


RE: 1.0.3 - suggestions to next versions - koffu - 01-10-2010 11:26 PM

(01-10-2010 10:20 PM)kilburn Wrote:  "security through obscurity" is never *real* security...

Yes, but I think phpMyAdmin would be reachable only after user login and it would be better if the link would be dynamic, not static.
This is only my opinion.

And what do you think about the SSL changes?


RE: 1.0.3 - suggestions to next versions - kilburn - 01-11-2010 05:56 PM

Quote: Yes, but I think phpMyAdmin would be reachable only after user login and it would be better if the link would be dynamic, not static.

Requiring users to be logged in to the panel before allowing them to access phpMyAdmin would imply that webmasters must have full control over the domain. As of now, the owner of a domain can give MySQL rights to the webmaster without allowing him to create/delete emails, FTP accounts, etc. Thus, I think that the current setup is better...

SSL support is planned for 1.1.0 (your patch assumes that the user has created the corresponding keys, which is unacceptable because many users would fail to do so).


RE: 1.0.3 - suggestions to next versions - koffu - 01-11-2010 06:57 PM

(01-11-2010 05:56 PM)kilburn Wrote:
SSL support is planned for 1.1.0 (your patch assumes that the user has created the corresponding keys, which is unacceptable because many users would fail to do so).

This is good.
Users can always create a self-signed OpenSSL certificate, which can be created by a simple command with copy & paste
Code:
openssl req -x509 -days 365 -nodes -new -newkey rsa:2048 -out /etc/ssl/certs/server.crt -keyout /etc/ssl/private/server.key

SSL support can be enabled simply by copying the :80 VirtualHost, changing it to VirtualHost :443, and adding a redirect to :80.
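
A pre-flight check for the concern raised in this exchange (the :443 VirtualHost assumes the certificate and key already exist), added here as an example that is not part of the original thread or of ispCP. The function name check_tls_pair and its return codes are hypothetical; the paths in the usage comment are the ones from the posts above.

```shell
#!/bin/sh
# Added example: verify a certificate/key pair before the :443 VirtualHost
# references it. check_tls_pair and its return codes are hypothetical.
check_tls_pair() {
    cert=$1
    key=$2

    # 1. Both files must exist and be readable by the calling user.
    [ -r "$cert" ] || { echo "certificate not readable: $cert" >&2; return 1; }
    [ -r "$key" ]  || { echo "private key not readable: $key" >&2; return 2; }

    # 2. The certificate's public key must be the one derived from the
    #    private key; a mismatched pair cannot serve TLS.
    #    "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match (or cannot be parsed)" >&2
        return 3
    fi

    # 3. The certificate must not already be expired (-days 365 runs out).
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "certificate has expired: $cert" >&2; return 4; }

    # 4. A key written with -nodes is unencrypted, so group/other must have
    #    no permission bits on it (characters 5-10 of the ls mode string).
    perms=$(ls -lL "$key" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "private key is accessible to group/other: $key" >&2; return 5; }

    return 0
}

# Usage: sh check_tls_pair.sh /etc/ssl/certs/server.crt /etc/ssl/private/server.key
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

A non-zero return identifies which precondition failed, so an installer could refuse to write the :443 VirtualHost until the pair passes.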


RE: 1.0.3 - suggestions to next versions - joximu - 01-11-2010 07:07 PM

There are several ways of introducing SSL:
- only the panel
- also for customer

both ways can be implemented in different ways/levels of complication :-)

/J


RE: 1.0.3 - suggestions to next versions - koffu - 01-11-2010 07:21 PM

I suggest using it for the control panel only :)

Is there a way to define parameters for a user VirtualHost, other than .htaccess and direct editing?


RE: 1.0.3 - suggestions to next versions - joximu - 01-11-2010 07:40 PM

(01-11-2010 07:21 PM)koffu Wrote:  I suggest using it for the control panel only :)

as a first step...

(01-11-2010 07:21 PM)koffu Wrote:  Is there a way to define parameters for a user VirtualHost, other than .htaccess and direct editing?

??? you mean

/etc/apache2/ispcp/<host>.conf

??

/J