some featured request

realitsolution

Verified User
Joined
Jul 1, 2019
Messages
70
Location
GMT +6.00
1. your other is good. but should increase some option on file manager system . lot of feature missing from other control panel.. your should work here.it's really important for client. and also which option stay all is hide which not user friendly for customer. like only compress can not do extract can not do. when i do compress automatic doing download . home button , back button not stay. filemanager should give open on new tab. etc.

2. when i create reseller account then showing domain limit but i don't understand what is here you mean by domain. where is account limit option. reseller panel also showing same . that is ok but from admin panel when create reseller should give account limit option.

3. when i am going phpmyadmin from user panel then again need username password. why? without username name and password can not login from userpanel like other panel. this also relly important..

4. from email option we can not auto login login directly webmail .

5. back button your any option not stay.. when i going any feature i can not back from there.you should give back button every where. 6. your icon grid skin looking very good. but it's really very slow.. load take lot of time .on mobile view nothing showing not responsive your design . right side Your Account option and left side icon option almost showing same to same for which looking bad should left side do 80% and right side Your Account option should 20%. also scrolling if you stop more looking good...
 
3 and 4 are already in another request, you might to add there.
without username name and password can not login from userpanel like other panel. this also relly important.
It's a choice. Like Directadmin has it, it's easier when you want to do stuff. You can just visit http://www.domain.com/phpmyadmin and then login to phpmyadmin.
The Cpanel way is that you first have to enter your username and password for cpanel to login to cpanel and then click further to get into directadmin. There are benefits in both ways.

Most webmail users do not visit their webmail via their control panel, they visit it directly, which can be done by DA and by Cpanel the same way. Almost... with DA you get the webmail login (Roundcube for example) directly, Cpanel re-routes via cpanel first.
Especially this last one I would not like to see changes, because of privacy issues. An admin could check and read the mail of the customers. This is not possible with DA, but is possible with cpanel. That is not a good thing.
 
@Richard,

It's not a top secret all emails are stored (in plain-text format) on a disk under users homedirs, a dishonest administrator can copy and read them using FTP/FileManager/SSH. So I believe the feature does not increase or decrease a privacy level.
 
@Alex,
You are correct, but it takes a bit more work and via the account it's a lot easier and you can also see al titles easier, so I do believe it's an increase of privacy.
At this moment I also don't see any good reason to change it. In DA as well as in Cpanel, users using webmail would rather visit webmail directly then going via the control panel.
Like http://domain.com/webmail which is available in both panels.
 
Yes, agree. It makes easier to read emails. And I will definitely disable the feature on my own servers if it comes true one day ;). At the same time I'm enough tolerant if the request is to be satisfied, it will help to reduce time while solving various kind of mail issues for administrators.
 
it will help to reduce time while solving various kind of mail issues for administrators.
I don't agree that's helping a lot by looking into emails. Most issues can be solved via logilfes. But lets forget about admins and resellers.

Same goes for domain owners with company's being able to read all personel's mail this way. Or for hobby forums which have given email accounts to like mods and maybe some other people. Just "normal" people, not supporting can do this too.
I doubt that this is not a privacy issue. At least here in the Netherlands by law, only in very special cases a company is allowed to take a look in employees emails. In those very special cases they can change the password and then the employee will notice.
When it's change like in Cpanel, they can do whatever and whenever they want. So it's not limited to admins. That's why I'm against it.
 
Richard,

If somebody wants to read emails from others they will find time to copy emails and read them, and you will not stop them from it. If you need a high privacy you will need to stop using VPS at all and migrate to a bare-metal, or use encrypted mail services. VPS providers can read your data from snapshots and backups they create for you, and you will never know if they do it.

And mail issues are not limited to mail deliveries be sure. There are other kind of issues, which can't be investigated throughout logs. I had a recent case when an user had a so heavy customized RoundCube interface that it caused issues with sending emails. I'm still not too sure how could it happened, but the issue was narrowed to the RoundCube interface only when I connected to the account.

I'm sure if John and his staff decide to add it, they will add an option to disable the feature.
 
I don't agree that's helping a lot by looking into emails. Most issues can be solved via logilfes. But lets forget about admins and resellers.

Same goes for domain owners with company's being able to read all personel's mail this way. Or for hobby forums which have given email accounts to like mods and maybe some other people. Just "normal" people, not supporting can do this too.
I doubt that this is not a privacy issue. At least here in the Netherlands by law, only in very special cases a company is allowed to take a look in employees emails. In those very special cases they can change the password and then the employee will notice.
When it's change like in Cpanel, they can do whatever and whenever they want. So it's not limited to admins. That's why I'm against it.

Mail is kept on the server clear text files or file depend on the box type mail dir multiple files mbox - one big file with all of the emails with it

So any one with access to your control panel account, shell access to your account even ftp access to /home/$USER where maildir and imap dir are or even from hacked wordpress on which phpshell is uploaded can potentially read your email without you even notice

Also data center technician can just reboot the server in the rescue and read anything or even if you had encrypted server if it is a remote one VNC you use to initally input your password after boot can have key logger on it

So only way to have some gurantee against that is to have encrypted server at home...
 
3 and 4 are already in another request, you might to add there.

It's a choice. Like Directadmin has it, it's easier when you want to do stuff. You can just visit http://www.domain.com/phpmyadmin and then login to phpmyadmin.
The Cpanel way is that you first have to enter your username and password for cpanel to login to cpanel and then click further to get into directadmin. There are benefits in both ways.

Most webmail users do not visit their webmail via their control panel, they visit it directly, which can be done by DA and by Cpanel the same way. Almost... with DA you get the webmail login (Roundcube for example) directly, Cpanel re-routes via cpanel first.
Especially this last one I would not like to see changes, because of privacy issues. An admin could check and read the mail of the customers. This is not possible with DA, but is possible with cpanel. That is not a good thing.

i know if anyone try to do go pay http://www.domain.com/phpmyadmin and give username and password then he can login easily. but suppose anyone upload any file in file manager from login control panel then need to adjust it from database and also need to upload it backup there then he need to login again phpmyadmin also. if he can do login directly from control panel then he not need to give any password again right. i think this featured not do any effect on security or privacy . it will be easy for user also. i don't understand why you disagree with this i talk with lot of people everyone want this feature 1st some one disagree.
 
I don't agree that's helping a lot by looking into emails. Most issues can be solved via logilfes. But lets forget about admins and resellers.

Same goes for domain owners with company's being able to read all personel's mail this way. Or for hobby forums which have given email accounts to like mods and maybe some other people. Just "normal" people, not supporting can do this too.

The directadmin login holder can access all the mail files for every account already, and always has been able to, the privacy argument against auto-login doesn't hold up, because it's never existed in the first place.

I can tell you that the reason auto-login is important for larger shared hosters is because a good percentage (if not the majority) of clients don't know their email account logins anymore, they set up Outlook and their phones years ago, and to have to reset it to access webmail, they'd then have to update all their devices, it becomes a support nightmare.
 
ZeiTeR said:
If somebody wants to read emails from others they will find time to copy emails and read them, and you will not stop them from it.
I know Alex, but that is no argument to make it even way easier and with a more structural overview for them. At least not to me.

DanielP said:
So any one with access to your control panel account, shell access to your account even ftp access to /home/$USER where maildir and imap dir are or even from hacked wordpress on which phpshell is uploaded can potentially read your email without you even notice
Right, we know that. But it's way of a difference, in looking up and reading. How many customers do you think know this too? Most users don't even know it can be done this way or don't understand the starting code of the mail in those files. In Webmail it's just way easier. That's what I'm talking about and from my forums experience I know it will be done if it's that easy to do. They all say they won't.....
For admins this is not a biggy indeed, but that's not the issue.

realitsolution said:
if he can do login directly from control panel then he not need to give any password again right. i think this featured not do any effect on security or privacy .
I wasn't talking about phpmyadmin but about the e-mail option. ;) For phpmyadmin I would like it too.

@Nick-a:
Nick-a said:
The directadmin login holder can access all the mail files for every account already, and always has been able to
Which most of them don't even know.

I can tell you that the reason auto-login is important for larger shared hosters
Your argument has nothing to do with large or small hosters because what you describe is happening everywhere. Which does not explain exactly which problem is to be solved by viewing users mail, because most issues are visible via logfiles.
The only valid example i heard until now is from zEiTeR.

The devices is no argument, because devices change and users have to add their passwords again, which they don't know according to you, so it's still a nightmare. But not for support but for the users. Unless you provide devices support (which most especiallly large hosters don't), that's up to the customers.
Anyway, everybody is complaining about customers using ancient passwords, not knowing them anymore instead of writing them down, users have to be teached. But when it comes to somthing like this, suddenly this is all a good development. Because otherwise we have a support nightmare? We here at DA used it for all those years like this, also large company's which have DA. ;)

Anyway, I don't mind. We don't need to discuss this any further. I stated my vote and gave my arguments.
Seems nobody agrees with me, no problem. I'm a Cpanel admin too, never had to use this option so can't see the importance of it and still can't after reading all the arguments, sorry.

I would rather have the option like cpanel has to seperate mysql users and databases. ;)
 
Last edited:
auto-login is important for larger shared hosters is because a good percentage (if not the majority) of clients don't know their email account logins anymore, they set up Outlook and their phones years ago
If they do not know their email accounts, then they shouldn't be running a website.

I still get clients wanting us to ADD email accounts for them! Erm, hello, we will know your password, and store your password when we give you it via email or a ticket! You know, this privacy issue works both ways, many people are so lax in this department.
 
I fully agree. Customers get too lazy and that's not a good development.

Anyway, if DA would make the auto mail login switchable, that would also solve the issue for people not wanting this option in effect.
 
I've been kind of silently following the the phpMyAdmin login thing for a bit.

Perhaps I'm missing something...

A user logs into their panel.

They go to https://somelinktotheserver:2222

They enter their username in the username field.

They enter their password in the password field.

They navigate to the Account Manager -> MySQL Management (should this just be SQL Management? Since if you're using MariaDB then MySQL isn't technically correct here... I'm going off on a tangent).

They click the phpMyAdmin link

A popup pops up asking for a username and password.

The world ends...


I mean... you just gave a username and password to access your panel... and now you get prompted for a username and password, and you don't know what to put here?

"I don't know the password to my account"

Well.. that's an issue in and of itself. Why do people not know their own passwords? Or use a legitimate password manager?

If you're depending on your browser to save all of your password information... I just shutter at the thought of that... but still isn't there some responsibility to know what your actual password is?

Like I said, maybe I'm missing something.

But if I haven't... and the sole reason for wanting this is so that we don't have to enter our username and password again... then how lazy are we getting?
 
I mean... you just gave a username and password to access your panel... and now you get prompted for a username and password, and you don't know what to put here?
"I don't know the password to my account"
Whahaha, you got a good one there. Great argument!! I fully agree!
 
@sparek, You are not missing anything. And I fully agree with you! Also for user that don't want to enter the password when they login on phpMyAdmin, they can just let the browser remember the password.
 
A different approach to this - but I don't really think it's possible, because it's done client side (you might be able to do some javascript trickery?) - would be to make the panel login page unable to remember the username and password... thereby forcing a user to actually remember their username and password (or store it in an off-browser password manager... which has always been my recommendation). That probably opens up a whole other can of worms though because for whatever reason people seem to think it's not their responsibility to know their own passwords.

My main point of contention with phpMyAdmin is that it operates at the front-end level - on port 80/443 - instead of behind DirectAdmin's back-end level (port 2222). I think that was a bad design choice. And I will likely continue to believe it was a bad design choice... but as the newcomer here, it's my responsibility to adjust to what is offered.
 
sparek said:
And I will likely continue to believe it was a bad design choice... but as the newcomer here, it's my responsibility to adjust to what is offered.
That is your good right and you're also entitled to request changes.
However, in this case I think this is just a matter of opinion. Like the design is now, people do not have to enter the control panel and can reach phpmyadmin from outside the panel, just as they can also reach webmail from outside the panel.
That might have some pro's and con's, but I don't think it's a bad design choice.

Ofcourse you may think it is. But maybe it would be a better approach to give us some decent arguments for exactly why you think it's a bad design choice.
You might be right, but we can't know if that is the case unless you provide us with arguments for it.
 
and the sole reason for wanting this is so that we don't have to enter our username and password again... then how lazy are we getting?

No, that's not the sole reason.

Client installs wordpress via softaculous
database, database user and database user password are auto-generated and not displayed to the client
later, the client wants to access database via phpmyadmin

now you need to explain to the client how to access the wp-config.php file in order to find the database details
clients struggles to do this and gets frustrated
you end up doing this yourself, and giving the phpmyadmin login details to client

it's all about making things easier for clients and reducing support load.

auto-login to phpmyadmin is a necessity for shared hosting.
 
Back
Top