Different password for all services
Is this still the policy of the cPanel project? I'm concerned that any information disclosure vulnerability that exposes my settings.php file (which contains mysql credentials) could be escalated to a user compromise and arbitrary code execution via an SSH or FTP login.
Thanks for any advice in using cPanel securely, in this and other situations.
Evan
-
Hello :) I moved this post to it's own thread. Yes, by default, the MySQL password for the cPanel username matches the password for the corresponding MySQL username. It's a good idea to use a separate MySQL database username for your database as opposed to the cPanel username of the account to prevent the behavior you are referring to from happening. In addition, should you decide to change the default MySQL password for an account, you can do so via: "WHM Home " SQL Services " Change MySQL User Password" Thank you. 0
Please sign in to leave a comment.
Comments
1 comment