WHM API1 createacc function passes password in command line
We are playing with whm api1 to create cpanel accounts via the command line and it works great but one of our developers has expressed concern that as the password is passed in the command line it becomes visible to other users via the process list and can therefore be compromised.
I know there are various ways to restrict a user to viewing only their own processes but I'm not sure which is the best method.
A better method might be to not include the password in the command line at all but generate it during the account creation process but I believe that this is not an option.
Your thoughts would be much appreciated.
Running Centos 6.7 and WHM 54
Many thanks.
-
Hello, Non-root users should not be able to see the password used during account creation in the process list. However, you may find the external authentication feature useful: Guide to External Authentication - Software Development Kit - cPanel Documentation Thank you. 0
Please sign in to leave a comment.
Comments
1 comment