Logging in to admin account using "client login" method...

[antic]

When I started with Vortech, I used to log in to my reseller account, then hit the "login" button to access my actual admin account.

To save time, I've started to login to my admin account directly, using the login page on my service domain which my clients use to log in to their own accounts.

I can do this no problem, and it saves me a step, BUT.... since it's not SSL, am I playing with fire by logging into such an important (to me) account without the security of SSL?

I mean is it really worth worrying about, and worth going back to logging into my reseller account on SSL first?

Your thoughts, kind ppl...

Why not just bookmark https://cp.yourdomain.com:8443/ ??? Then jsut go there and log into your Admin account... Or, setup the page on your service domain to use/point to https CP URL!

[dpyers]

I'm not an expert, but I figure that hspere is a known entity in the web hosting world and that alone is cause for whatever security you can apply.

If you have acommon login page, perhaps you could redirect to ssl based upon your referrer IP?

[antic]

Quote:

Originally Posted by Bladesnitz

Why not just bookmark https://cp.yourdomain.com:8443/ ??? Then jsut go there and log into your Admin account... Or, setup the page on your service domain to use/point to https CP URL!

Ta... that url directs me to:
https://cp.servicedomain.net:8443/ps...oft.hsphere.CP

Works ok, though I get the old "do you want to display the non-secure items" bizo, coz I'm using custom gfx from my non-ssl domain. But it works!

Hang on... I get it... you're saying I should set up a separate page on my service domain, eg. "http://www.servicedomain.com/login.asp" - and the FORM on this page should copy the normal hsphere login form, but post to "HTTPS://cp.servicedomain.com:8443/psoft/servlet/psoft.hsphere.CP"

So I don't need to have SSL on my login page, just so long as it posts off to an SSL address, yeah? *becomes excited*

[mresell]

https://rxxxx.res.hsphere.cc:8443/ps...oft.hsphere.CP
I thought he was sayin to create an ssl cp and change that in your reseller cp. You obviously should change the url in reseller cp to something secure. The above cab be used in your reseller cp as your cp url. This obviously is best, but have to get ssl for graphics too. If you use the url above it goes right to you ssl svc domain cp., but if you got graphics you will get a prompt. The xxxx's are where you put your numeric reseller id not your acct. number altho... that could work never tried it. Passes and user names should never be in the clear for
important stuff like that. You don't want somebody being able to gain access to everything.