Results 1 to 20 of 54

Thread: Roadmap

  1. #1
    Join Date
    Feb 2007
    Posts
    44

    Roadmap

    Can I request that DA creates a sticky thread here please with a roadmap of what feature requests you've accepted or other features you are planning to add? Not expecting ETA's or anything, just what to expect in the next version or two.

    Some of us are planning migrations but looking for certain features first, such as autologin is important for the shared hosting servers (different market and all that), but not so important for VPS/dedicated customers etc.

  2. #2
    Join Date
    Jun 2019
    Posts
    27
    Would love to see a roadmap from DirectAdmin.

  3. #3
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,130
    At the moment I can just honestly say that all the things 'missing' (as DA has a different feature set) have the highest priority, including auto-login to phpMyAdmin.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  4. #4
    Join Date
    Apr 2009
    Posts
    2,421
    Quote Originally Posted by smtalk View Post
    At the moment I can just honestly say that all the things 'missing' (as DA has a different feature set) have the highest priority, including auto-login to phpMyAdmin.
    If you add autologin to phpMyAdmin, it is very important that it will still be possible to login manually at server.hostname.com/phpmyadmin - that is a must that it still continue to be possible. For example many customers have many databases in their account, then they login to phpMyAdmin with the same username/password as their DirectAdmin account, the benefit then is that they have access to all the databases in ONE login. Also some customers would sometimes need to provide access to third party to login to phpMyAdmin, but at the same time they don't want to give access to DirectAdmin. So it is very important to keep the option to be able to login to phpMyAdmin manually at server.hostname.com/phpmyadmin - or you could add an option in directadmin.conf to disable autologin. Thank you.

    Edit: The same goes for webmail, it is a MUST that it still will be possible to login manually at server.hostname.com/roundcube - if not, you must provide an option to disable autologin for webmail in directadmin.conf - many customers give out email accounts to their customers which should not have access to DirectAdmin, and they must be able to login manually at server.hostname.com/roundcube
    Last edited by ditto; 07-05-2019 at 04:37 AM.

  5. #5
    Join Date
    Jun 2019
    Posts
    27
    Quote Originally Posted by ditto View Post
    If you add autologin to phpMyAdmin, it is very important that it will still be possible to login manually at server.hostname.com/phpmyadmin - that is a must that it still continue to be possible. For example many customers have many databases in their account, then they login to phpMyAdmin with the same username/password as their DirectAdmin account, the benefit then is that they have access to all the databases in ONE login. Also some customers would sometimes need to provide access to third party to login to phpMyAdmin, but at the same time they don't want to give access to DirectAdmin. So it is very important to keep the option to be able to login to phpMyAdmin manually at server.hostname.com/phpmyadmin - or you could add an option in directadmin.conf to disable autologin. Thank you.

    Edit: The same goes for webmail, it is a MUST that it still will be possible to login manually at server.hostname.com/roundcube - if not, you must provide an option to disable autologin for webmail in directadmin.conf - many customers give out email accounts to their customers which should not have access to DirectAdmin, and they must be able to login manually at server.hostname.com/roundcube
    I don't think phpMyAdmin should be accessible directly from /phpmyadmin as this can be used for third parties to gain access to the database via bruteforce, even if the remote access to the database is disabled. But to provide an option that satisfies everyone, you could just add an option in the DirectAdmin Panel at Admin Level to enable/disable direct access to /phpmyadmin.

  6. #6
    Join Date
    Jul 2017
    Location
    Murfreesboro
    Posts
    353
    Quote Originally Posted by ditto View Post
    If you add autologin to phpMyAdmin, it is very important that it will still be possible to login manually at server.hostname.com/phpmyadmin - that is a must that it still continue to be possible. For example many customers have many databases in their account, then they login to phpMyAdmin with the same username/password as their DirectAdmin account, the benefit then is that they have access to all the databases in ONE login. Also some customers would sometimes need to provide access to third party to login to phpMyAdmin, but at the same time they don't want to give access to DirectAdmin. So it is very important to keep the option to be able to login to phpMyAdmin manually at server.hostname.com/phpmyadmin - or you could add an option in directadmin.conf to disable autologin. Thank you.

    Edit: The same goes for webmail, it is a MUST that it still will be possible to login manually at server.hostname.com/roundcube - if not, you must provide an option to disable autologin for webmail in directadmin.conf - many customers give out email accounts to their customers which should not have access to DirectAdmin, and they must be able to login manually at server.hostname.com/roundcube
    Agreed. I see it as an added option as well.
    Thanks,
    Brent Dacus
    Just a regular guy from Tennessee

    CentOS 7 | DA | CB 2.0 | MariaDB 10.4 | PHP 7.2

    help me...it's HERE or Type "your issue your os directadmin" in google


  7. #7
    Join Date
    Jun 2019
    Posts
    7
    Road map will be better to see what's coming on next version.

  8. #8
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,130
    Quote Originally Posted by cenourinha View Post
    I don't think phpMyAdmin should be accessible directly from /phpmyadmin as this can be used for third parties to gain access to the database via bruteforce, even if the remote access to the database is disabled. But to provide an option that satisfies everyone, you could just add an option in the DirectAdmin Panel at Admin Level to enable/disable direct access to /phpmyadmin.
    Just a FYI on this that CSF blocks these attempts to /phpmyadmin, /roundcube (/webmail) automatically by default. It's integrated into BFM too. But I totally see your point on systems without any protection.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  9. #9
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,746
    Quote Originally Posted by cenourinha View Post
    I don't think phpMyAdmin should be accessible directly from /phpmyadmin as this can be used for third parties to gain access to the database via bruteforce, even if the remote access to the database is disabled. But to provide an option that satisfies everyone, you could just add an option in the DirectAdmin Panel at Admin Level to enable/disable direct access to /phpmyadmin.
    I really do not like AUTO-LOGIN to anything TBH....... If admins need to access databases, use the da_admin login to phpmyadmin...... That's what I do....

    If you are worried about security if this AUTO-LOGIN does appear, then force ALL clients to use 2FA/Keys to Directadmin......
    Last edited by Peter Laws; 07-05-2019 at 06:55 AM.

  10. #10
    Join Date
    Feb 2007
    Posts
    44
    Quote Originally Posted by Peter Laws View Post
    I really do not like AUTO-LOGIN to anything TBH....... If admins need to access databases, use the da_admin login to phpmyadmin...... That's what I do....

    If you are worried about security if this AUTO-LOGIN does appear, then force ALL clients to use 2FA/Keys to Directadmin......
    That doesn't work when you're using something like Ezeelogin to manage a larger number of servers and have multiple staff, maintaining a long list of da_admin passwords for everyone is far from ideal.

    Plus, half our shared hosting customers don't even know their own hosting account login details, let alone individual mysql users.

    If it's possible for this feature to be enabled/disabled at the admin level then I really can't see what the problem is.

  11. #11
    Join Date
    Jun 2019
    Posts
    27
    Quote Originally Posted by Peter Laws View Post
    I really do not like AUTO-LOGIN to anything TBH....... If admins need to access databases, use the da_admin login to phpmyadmin...... That's what I do....

    If you are worried about security if this AUTO-LOGIN does appear, then force ALL clients to use 2FA/Keys to Directadmin......
    The Auto-Login doesn't change anything in terms of security. If you already have access to the DirectAdmin User Account, you can simply:

    • Add new user to the database and gain access
    • Change the password of the actual Database User and gain access
    • Lookup for the Database User password on scripts configuration files using File Manager


    The 2 Factor Authentication is a great feature, but customers will never use that in the first place. We can force the option, but most of the customers will not be happy and you will end up losing those customers.

  12. #12
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,746
    Quote Originally Posted by nick-a View Post
    Plus, half our shared hosting customers don't even know their own hosting account login details, let alone individual mysql users.
    Exactly, this is why password123 is one of the top passwords.....

    Being serious, it's 2019, if people can't handle passwords etc, they shouldn't be on the internet.

  13. #13
    Join Date
    Jul 2017
    Location
    Murfreesboro
    Posts
    353
    I think we need to define which level we are speaking of? admin or user.

    I just want to be sure I follow this.. If I am a user logged on to my DA account. Why should I have to log in again to webmail or pma? If I own the account the emails are all mine. It should just use the stored password and open. Same for PMA I own the user account.

    I was reading this from Ditto
    login manually at server.hostname.com/phpmyadmin
    Is this only for Users or Admin level? I actually don't want this at the admin level. So we may need separate options for all of this. I would not want PMA available to the general outside. I want users to have to login to DA to see PMA.

    Webmail should be allowed to be both subdomain or regular dir structure.
    Thanks,
    Brent Dacus
    Just a regular guy from Tennessee

    CentOS 7 | DA | CB 2.0 | MariaDB 10.4 | PHP 7.2

    help me...it's HERE or Type "your issue your os directadmin" in google


  14. #14
    Join Date
    Jul 2017
    Location
    Murfreesboro
    Posts
    353
    Quote Originally Posted by Peter Laws View Post
    Exactly, this is why password123 is one of the top passwords.....

    Being serious, it's 2019, if people can't handle passwords etc, they shouldn't be on the internet.
    I am down with passwords and 2fa is an option. Maybe we need an option to let the hoster choose 2fa as required or not?
    Thanks,
    Brent Dacus
    Just a regular guy from Tennessee

    CentOS 7 | DA | CB 2.0 | MariaDB 10.4 | PHP 7.2

    help me...it's HERE or Type "your issue your os directadmin" in google


  15. #15
    Join Date
    Apr 2009
    Posts
    2,421
    @DirectAdmin Support and @smtalk: I must be very clear on this. You can't remove outside access to phpMyAdmin and Roundcube webmail without giving us an option to enable that (and/or disable autologin). We have customers that create email accounts and give to their clients, which they do not give access to DirectAdmin control panel, so they need to be able to log into webmail outside of DirectAdmin. Also as said before, we also need to keep phpMyAdmin available outside of DirectAdmin. Customers and third party need to be able to login to phpMyAdmin without the need to log into DirectAdmin.

    We need phpMyAdmin and Roundcube webmail to continue to be available at server.hostname.com, that is an absolute MUST. You can't just remove a feature like that and expect everyone to be happy about it. No problem if you remove it as default, as long as it will be possible to enable access to phpMyAdmin and Roundcube webmail in directadmin.conf, and also be possible to disable autologin to phpMyAdmin and Roundcube webmail.

  16. #16
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,746
    What ditto said, I say ditto..... <sorry, couldn't resist>

  17. #17
    Join Date
    Jun 2019
    Posts
    27
    Quote Originally Posted by ditto View Post
    Customers and third party need to be able to login to phpMyAdmin without the need to log into DirectAdmin.
    Having phpMyAdmin available to third parties can represent a security risk, so I think this should be disabled by default but possible to enable for those who really want it.

    I would disable this option in our installations. If someone needs to provide third party access to databases without sharing the DirectAdmin Credentials, they can just add the third party IP Address to the Access Hosts list.

  18. #18
    Join Date
    Jul 2017
    Location
    Murfreesboro
    Posts
    353
    We have customers that create email accounts and give to their clients, which they do not give access to DirectAdmin control panel, so they need to be able to log into webmail outside of DirectAdmin.
    Agreed. No issue for me.
    You can't remove outside access to phpMyAdmin and Roundcube webmail without giving us an option to enable that (and/or disable autologin)
    Agreed. No issue for me.

    I think it's ok.. We just need more options.

    Users inside DA autologin PMA webmail directadmin.conf 0 or 1

    Admins inside DA autologin PMA webmail directadmin.conf 0 or 1

    PMA on to outside directadmin.conf 0 or 1 > on by default.

    Webmail off to outside directadmin.conf 0 or 1 > on by default.

    Is this sounding close... we just have to keep talking and communicating..
    Thanks,
    Brent Dacus
    Just a regular guy from Tennessee

    CentOS 7 | DA | CB 2.0 | MariaDB 10.4 | PHP 7.2

    help me...it's HERE or Type "your issue your os directadmin" in google


  19. #19
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    4,183
    so they need to be able to log into webmail outside of DirectAdmin
    I fully agree.

    As for phpmyadmin I don't mind. I don't know or see any good argument why users should be able to access it from outside the panel. But if it can be made switchable to make everybody happy, it's okay by me too.
    Greetings, Richard.

  20. #20
    Join Date
    Jun 2019
    Posts
    114
    What user are people going to be "auto" logging into phpMyAdmin and Webmail with?

    Webmail for non-DirectAdmin users is a must... is this seriously being talked about being removed?

    But phpMyAdmin... how big of a case is this for non-DirectAdmin users? Why not just install phpMyAdmin on the publicly accessible area of the web hosting account for accounts that need this functionality? I'm really not aware of any cases where any of our users need access to phpMyAdmin outside of their control panel... but maybe that's just me... and maybe I'm forgetting someone. But if they do need it... they would have had to have installed phpMyAdmin on their own somewhere publicly accessible.

    I suppose you could make the argument for Roundcube and webmail as well... but webmail is much more commonplace. There are a lot of web hosting clients that create email accounts for their friends, families, or colleagues and a lot of them access webmail on the account. Could these web hosting accounts install Roundcube themselves on their domain name? Sure. But pretty much every web hosting account is going to have to do that, which is why I'd advocate leaving webmail accessible server-wide by default.

    But I don't know if I see the case for phpMyAdmin being server-wide publicly accessible. You may be opening up a case where this benefits 1 out of every 1000 users... I'm not sure if it's worth it.

    But if you want to spend the time offering this... that's fine by me. Just give us the option to disable it server-wide.
