OctoDev Posted December 9, 2015 Posted December 9, 2015 I want to see the upgrader also save IPS Info, i have more admins running and maintaining the community. Would be nice if i could save it, without giving them my passwords so they can update it while I'm gone using auto upgrader.
craigf136 Posted December 10, 2015 Posted December 10, 2015 -1, sorry not a good idea at all - other admins may have access to the ACP but I would not want anyone other than me (we have 3 admins) running the upgrade. If anything goes wrong, then a support ticket needs to be raised and so forth and that means giving people secondary access here. I have the the relevant knowledge and experience of performing what should be routine upgrades but I just wouldn't have the details saved for anyone with ACP access.
MADMAN32395 Posted December 10, 2015 Posted December 10, 2015 +1 .. Because the ones on my site who have access to utilize this have access here to make tickets.
Ilya Hoilik Posted December 10, 2015 Posted December 10, 2015 2 hours ago, craigf136 said: -1, sorry not a good idea at all - other admins may have access to the ACP but I would not want anyone other than me (we have 3 admins) running the upgrade. If anything goes wrong, then a support ticket needs to be raised and so forth and that means giving people secondary access here. I have the the relevant knowledge and experience of performing what should be routine upgrades but I just wouldn't have the details saved for anyone with ACP access. I think checkbox 'Remember IPS Account Info' can resolve this problem. You'll disable this feature, but we'll enable.
Marcher Technologies Posted December 10, 2015 Posted December 10, 2015 ....you do realize how bad of an idea, security-wise, storing your IPS credentials..... *anywhere* on your site is, right?
OctoDev Posted December 10, 2015 Author Posted December 10, 2015 6 hours ago, craigf136 said: -1, sorry not a good idea at all - other admins may have access to the ACP but I would not want anyone other than me (we have 3 admins) running the upgrade. If anything goes wrong, then a support ticket needs to be raised and so forth and that means giving people secondary access here. I have the the relevant knowledge and experience of performing what should be routine upgrades but I just wouldn't have the details saved for anyone with ACP access. Simply disable the permission for all those to upgrade it then? 2 hours ago, Marcher Technologies said: ....you do realize how bad of an idea, security-wise, storing your IPS credentials..... *anywhere* on your site is, right? Right, is it any better storing FTP Information? or even sFTP? No. Still an option As of now, I am one admin. However I'd prefer if it was one click upgrade (rather than signing into ips each time) would make it so smooth. Also in case you have other server admins, you don't need them to access your IPS account to upgrade.. which would result in them accessing a lot of information, such as other site licenses.
craigf136 Posted December 11, 2015 Posted December 11, 2015 Simple solution, browser save the login information and hey presto job done. Not wise to have it stored for everyone in the ACP.
Ilya Hoilik Posted December 11, 2015 Posted December 11, 2015 43 minutes ago, craigf136 said: Simple solution, browser save the login information and hey presto job done. Please, read the first post: i have more admins running and maintaining the community. Would be nice if i could save it, without giving them my passwords so they can update it while I'm gone using auto upgrader 44 minutes ago, craigf136 said: Not wise to have it stored for everyone in the ACP. And also this: Right, is it any better storing FTP Information? or even sFTP? No. Still an option
craigf136 Posted December 11, 2015 Posted December 11, 2015 2 hours ago, Ilya Hoilik said: Please, read the first post: i have more admins running and maintaining the community. Would be nice if i could save it, without giving them my passwords so they can update it while I'm gone using auto upgrader I've read it several times, if you don't want to give them your passwords, then you don't trust them enough with this information, so why are you letting them process the upgrade? 2 hours ago, Ilya Hoilik said: And also this: Right, is it any better storing FTP Information? or even sFTP? No. Still an option Where about in the ACP are you storing FTP or sFTP information? I'm certainly not saving any of this information within the ACP or are you referring to the client area of IPS?
Ilya Hoilik Posted December 11, 2015 Posted December 11, 2015 1 minute ago, craigf136 said: Where about in the ACP are you storing FTP or sFTP information? I'm certainly not saving any of this information within the ACP or are you referring to the client area of IPS? You can provide AND SAVE your ftp/sftp details in delta-upgrade system
Marcher Technologies Posted December 11, 2015 Posted December 11, 2015 2 hours ago, Ilya Hoilik said: Right, is it any better storing FTP Information? or even sFTP? It's actually much worse, for the multi-license user anyway. Instead of one suite you run being compromised, they all are? Oh, and that's not to speak of the marketplace access, including to every mod bought being downloadable, as well as the suite.
craigf136 Posted December 11, 2015 Posted December 11, 2015 3 minutes ago, Ilya Hoilik said: You can provide AND SAVE your ftp/sftp details in delta-upgrade system I would need to check that on the next delta upgrade, I personally haven't seen any option to save this information when processing a delta upgrade, always required to download and upload the relevant files. Not saying it doesn't, I've just not seen it. However, for security reasons, I would not have any login details relating to the server (sFTP or otherwise) stored anywhere other than locally.
Ilya Hoilik Posted December 11, 2015 Posted December 11, 2015 3 minutes ago, craigf136 said: I personally haven't seen any option to save this information when processing a delta upgrade Me too. But see 0:35
craigf136 Posted December 11, 2015 Posted December 11, 2015 IPS obviously know what they are doing and why this is being prompted (to make the upgrade as easy as possible for everyone) but personally, I would never save the information, I would always manually process the files. Limit the amount of locations where passwords and access information is stored and you reduce the risk of others known this information and the potential risk of complete data loss. It's very easy for another ACP access user to get angry and want to damage things, restricting what they can and cannot do in the ACP is paramount, the easiest option is to always limit who has access to sensitive information such as passwords to yourself and no one else.
MADMAN32395 Posted December 11, 2015 Posted December 11, 2015 or for the method we are thinking of, why dont they just stop with the login, and use the upgrader with product key? it calls back home with product key anyway, grabs what is associated with the key. Thus not needing the IPS credentials? But have it in a way where it follows the admin permission for key viewing. so your key isnt leaked to any admin you dont want to see the key, but still allows update?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.