ISPConfig hardening, login with API

Discussion in 'Installation/Configuration' started by Arape, Jun 13, 2024.

  1. Arape

    Arape New Member

    Hi everyone!

    I am working on the hardening of my infrastructure.
    I have a website where my clients can change ISPConfig FTP passwords and some other stuff.
    I was thinking it would be nice if I could make my clients able to log in to ISPConfig not through the ISPConfig login screen but via my website, so that they would land in ISPConfig already logged in with their user.

    Is there a way to achieve this?

    Best regards, have a nice day everyone
    Peter Arany
     
  2. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    In terms of hardening your infrastructure, you would add another point of possible exploitation.
    You grant rights to a new user and use it at external sources. By nature this is the opposite of hardening.
    Also using FTP instead of SFTP could be thought about.

    However, you could implement the API on your site to abstract from the default ISPConfig UI entirely and
    make things "more secure" by having granular control over what a user can do. But giving the user a login cookie for ISPConfig
    has no benefit security-wise; it is just a way to reduce security in the worst case.
     
    ahrasis and till like this.
  3. remkoh

    remkoh Active Member HowtoForge Supporter

    If they should land in ISPC, why would you use a login page other than ISPC's login page?
    It only creates more vulnerabilities and maintenance.
     
    ahrasis likes this.