[NCLUG] Fw: How to log into CPanel securely (Progress Update)
mike cullerton
michaelc at cullerton.com
Wed Oct 10 18:39:02 MDT 2001
tom,
the port used has nothing to do with whether or not data is encrypted, it is
the program running on the port. you could create a secure protocol of your
own and run it on any port (although you probably shouldn't use well known
ports)
ask them about the data in transit. ie, when you type the word 'the' at your
keyboard when accessing the control panel, is the word 'the' in clear text
as it traverses the net. if so, this is true for anything you type, like
your password. (as you seem to already understand)
their statement "No activity that takes place within the control panel can
be monitored by anyone unless they can actually access your Control Panel."
appears false to me. anyone between 'you' and the 'control panel' could
sniff the packets.
they are either clueless or treating you like you are clueless.
not sure if either of those cases is acceptable.
mike
on 10/10/01 3:42 PM, Tom Thompson at tomyval at verinet.com wrote:
> Hi all,
> I had a quick question about ports and secure ports.
> I have a web host that has a control panel application that you log into
> without using a SSL link. I asked the sys admin if such a link was available
> and they informed me with this statement that it wasn't.
>
>
>> the Control Panel is not available via a SSL connection. If you would like
> to use SSL with your site the url would be
> https://somehost/~someuser/file.html
>>
> Which I then asked how they could ask people to setup email accounts and
> passwords, MySql database's and password, change your login password etc
> without a secure connection. and they sent me this response.
>
>> Hi Tom,
>> the Control Panel is secure, it installed on Port 2082 which is only via
> username/password. No activity that takes place within the control panel can
> be monitored by anyone unless they can actually access your Control Panel.
>
> Is this truly secure? I always thought you had do do encryption stuff on
> 447 to not have things picked up on the net??
>
> Tom Thompson
> tomyval at verinet.com
>
> PS: if this isn't the right forum just let me know. don't fry me okay?
>
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug
>
-- mike cullerton
More information about the NCLUG
mailing list