I’ve just signed up as a reseller for a hosting provider that doesn’t offer https connection for control panel logins except through their branded site. I don’t mind having to login to my WHM control panel through their branded site, however, this isn’t appropriate solution for my clients to log into their cPanels. The company assures me that their servers are secured behind a firewall and that they have internal and external security monitoring and “not to worry” about the lack of a secure internet connection.
Am I worrying unnecessarily that my hosting clients will have to login to their cPanels through a non-secure (http) internet connection and take the parent hosting provider at their word that they have never had a problem with accounts being compromised or should I look for another hosting provider?
They are assuring you about one area or security when you are looking at a completely different area of security.
It is as if you were asking about gloves and they assured you that all their footwear was sturdy and long lasting.
The secure connection you are after goes between the browser and the server. All they are talking about is server security. The only way to get security between the browser and the server is the way you are asking about so their real answer is that they don’t care about that aspect of security and every one of your clients can have their password stolen via a man-in-the-middle attack and that will have nothing to do with them because it happened outside their firewall.
Maybe they never have had an account compromised though not having provided security at that level but that’s not an excuse for not providing it.
The most worrying part of the whole thing is that their answer indicates that they don’t really understand security and so who knows what other areas they have not covered because of that lack of understanding.
Thank you, Stephen, for your confirmation of my fears. I will cancel my account with this hosting provider and continue to search for one that provides both secure servers and connections.
Thanks for the reply, Serverpoint. Actually, I had asked the sales rep beforehand and was assured that a secure connection would be provided. It was the support team that told me otherwise after I signed up. But it turned out alright in the end all when I called the sales team back and they were able to give me a secure connection after all through a shared SSL.
Have you shown them the records of your presales conversation? I think you should refresh their memory. Perhaps that will help you to solve the problem with particular provider?
Honestly, I don’t believe that secure cPanel connection helps a lot. I would definitely go with a company which is able to protect its servers instead of offering just secure SSL connections.
If someone is able to get into the server, SSL won’t help you.
Thanks for the input Hosting24 but the servers are secured. My initial concern was with lack of SSL in addition to the other hardware/software security protocol the company follows. Now that issue has been resolved all is well.
The only issue is that without it, your password and username go out over the interwebs in plain text, so anyone sniffing around on the network will get a readable password. But, the same is true for FTP and unsecured pop3, SMTP, etc, so the value is neglible when you think about it like that.
Honestly, I found that only n00bs take care about security TOO MUCH. They are afraid of EVERYTHING, while experienced users and security experts can separate facts from fictions and they don’t care about stupid issues at all.