Current time: 12-23-2024, 07:13 AM Hello There, Guest! (LoginRegister)


Poll: Do you find it usefull?
Yes, good idea!
Don't know. /tools/* is simple enough.
No, absolute useless!
[Show Results]
 
Post Reply 
Fixed subdomains by default?
Author Message
xyladecor Offline
Junior Member
*

Posts: 15
Joined: Apr 2007
Reputation: 1
Post: #1
Question Fixed subdomains by default?
What do you think about fixed submains like webmail.* phpmyadmin.* ftp.* and antispam.* by default? You could realize this by adding a serveralias in the master.conf or a new subdomains.conf in sites-available with symlink to sites-enabled. After that every hosted domain has these subdomains. It's only a simple if-else function in the subdomain template needed to do that: e.g if subdomain=webmail, phpmyadmin, antispam, or ftp then error "Subdomain already exists!" else generate it?

I don't think it's a security hole, but it's more simple to remember than domain.tld/tools/...
(This post was last modified: 04-12-2007 06:51 PM by xyladecor.)
04-12-2007 06:40 PM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #2
RE: Fixed subdomains by default?
I think that this make sense. It is very easy to handle and the customers
understands it also simple Wink

But the next is that many websniffer und webcracker search for such
subdomains. Will be also easy to test/hack them.
I take a look at PMA Rolleyes
04-12-2007 06:53 PM
Visit this user's website Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #3
RE: Fixed subdomains by default?
that makes sense on the one hand.
On the other hand we then lost the possibility to secure the panel with SSL.
Wildcard - Certificates are not secure enough and cost a lot of money.

I thought about integrating a wizzard later on to generate the ssl certificate or import an old one. Only for the panel itself for the start - i know there's a lot more on the wishlist ... Wink but lets start somewhere and keep all those things in mind.

Someone suggested to make the subdomains on each customer domain ...
- we would have the same problem with SSL there.

Just one thing that could be an idea - each reseller got it's own panel - access site (has to have an own ip, too to have it SSL secured then)
04-12-2007 07:03 PM
Visit this user's website Find all posts by this user Quote this message in a reply
xyladecor Offline
Junior Member
*

Posts: 15
Joined: Apr 2007
Reputation: 1
Post: #4
RE: Fixed subdomains by default?
BeNe Wrote:But the next is that many websniffer und webcracker search for such
subdomains. Will be also easy to test/hack them.
I take a look at PMA Rolleyes

But you can change webmail or phpmyadmin to something completly else, protect phpmyadmin with .htaccess or webmail and phpmyadmin with imagecode on the login page? i think that's looks very professional and it's secure. no chance for dictionary attacks and most of the users can hadle it.
maybe for rc2 or rc3? Wink that whould be cool...
(This post was last modified: 04-12-2007 08:45 PM by xyladecor.)
04-12-2007 08:42 PM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #5
RE: Fixed subdomains by default?
mhhh this would be very cool!
But what about the SSL Problem ?
04-12-2007 08:55 PM
Visit this user's website Find all posts by this user Quote this message in a reply
xyladecor Offline
Junior Member
*

Posts: 15
Joined: Apr 2007
Reputation: 1
Post: #6
RE: Fixed subdomains by default?
i'll try it.

I got a real .de domain only for the administration-area and these subdomains for all accounts on the server. I'll change it to ssl an look what happens. Wink
04-12-2007 09:13 PM
Find all posts by this user Quote this message in a reply
digibyte Offline
Junior Member
*

Posts: 108
Joined: Jan 2007
Reputation: 3
Post: #7
RE: Fixed subdomains by default?
ephigenie Wrote:Just one thing that could be an idea - each reseller got it's own panel - access site (has to have an own ip, too to have it SSL secured then)
I'm absolutely in for this idea. The tools (pma, webmail, ...) are offered by the reseller for the customer, so logically they are "hosted" on the (sub)domain of the reseller.
I see it like this: if you make a new reseller, you have to give a domain name where the panel may be installed. The default value could be resellername.hostname.tld, but this can be changed by the user to admin.reseller.tld. And since it is necessary to login for each different tool (pma, webmail, ...) I prefer to place a link to these tools on the main login page of the panel. Or may be a drop down list with "log into pma", "log into panel", "log into webmail", ...
In this way, there is 1 ip address needed per reseller for SSL, which is no big problem I think and the view of the customer is that everything is centrally managed (in admin.reseller.tld).

What do you think about this?
(This post was last modified: 04-12-2007 09:32 PM by digibyte.)
04-12-2007 09:30 PM
Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #8
RE: Fixed subdomains by default?
This is how i was thinking to do that Wink
04-12-2007 09:39 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #9
RE: Fixed subdomains by default?
Fine - the idea is born Smile
04-13-2007 12:56 AM
Visit this user's website Find all posts by this user Quote this message in a reply
BioALIEN Offline
Public Relations Officer
*****
Dev Team

Posts: 620
Joined: Feb 2007
Reputation: 5
Post: #10
RE: Fixed subdomains by default?
You get my +1 for this suggestion. Seems valid, logical and actually useful.
04-13-2007 05:25 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)