Jump to content

Save IPS Info


OctoDev

Recommended Posts

-1, sorry not a good idea at all - other admins may have access to the ACP but I would not want anyone other than me (we have 3 admins) running the upgrade. If anything goes wrong, then a support ticket needs to be raised and so forth and that means giving people secondary access here.

I have the the relevant knowledge and experience of performing what should be routine upgrades but I just wouldn't have the details saved for anyone with ACP access.

Link to comment
Share on other sites

2 hours ago, craigf136 said:

-1, sorry not a good idea at all - other admins may have access to the ACP but I would not want anyone other than me (we have 3 admins) running the upgrade. If anything goes wrong, then a support ticket needs to be raised and so forth and that means giving people secondary access here.

I have the the relevant knowledge and experience of performing what should be routine upgrades but I just wouldn't have the details saved for anyone with ACP access.

I think checkbox 'Remember IPS Account Info' can resolve this problem. You'll disable this feature, but we'll enable.

Link to comment
Share on other sites

6 hours ago, craigf136 said:

-1, sorry not a good idea at all - other admins may have access to the ACP but I would not want anyone other than me (we have 3 admins) running the upgrade. If anything goes wrong, then a support ticket needs to be raised and so forth and that means giving people secondary access here.

I have the the relevant knowledge and experience of performing what should be routine upgrades but I just wouldn't have the details saved for anyone with ACP access.

Simply disable the permission for all those to upgrade it then?

2 hours ago, Marcher Technologies said:

....you do realize how bad of an idea, security-wise, storing your IPS credentials..... *anywhere* on your site is, right?

Right, is it any better storing FTP Information? or even sFTP? No. Still an option ;) 

 

As of now, I am one admin. However I'd prefer if it was one click upgrade (rather than signing into ips each time) would make it so smooth. Also in case you have other server admins, you don't need them to access your IPS account to upgrade.. which would result in them accessing a lot of information, such as other site licenses.

Link to comment
Share on other sites

43 minutes ago, craigf136 said:

Simple solution, browser save the login information and hey presto job done.

Please, read the first post: i have more admins running and maintaining the community. Would be nice if i could save it, without giving them my passwords so they can update it while I'm gone using auto upgrader

44 minutes ago, craigf136 said:

Not wise to have it stored for everyone in the ACP.

And also this: Right, is it any better storing FTP Information? or even sFTP? No. Still an option

Link to comment
Share on other sites

2 hours ago, Ilya Hoilik said:

Please, read the first post: i have more admins running and maintaining the community. Would be nice if i could save it, without giving them my passwords so they can update it while I'm gone using auto upgrader

I've read it several times, if you don't want to give them your passwords, then you don't trust them enough with this information, so why are you letting them process the upgrade?

2 hours ago, Ilya Hoilik said:

And also this: Right, is it any better storing FTP Information? or even sFTP? No. Still an option

Where about in the ACP are you storing FTP or sFTP information? I'm certainly not saving any of this information within the ACP or are you referring to the client area of IPS?

Link to comment
Share on other sites

2 hours ago, Ilya Hoilik said:

Right, is it any better storing FTP Information? or even sFTP?

It's actually much worse, for the multi-license user anyway. Instead of one suite you run being compromised, they all are? Oh, and that's not to speak of the marketplace access, including to every mod bought being downloadable, as well as the suite.

Link to comment
Share on other sites

3 minutes ago, Ilya Hoilik said:

You can provide AND SAVE your ftp/sftp details in delta-upgrade system

I would need to check that on the next delta upgrade, I personally haven't seen any option to save this information when processing a delta upgrade, always required to download and upload the relevant files. Not saying it doesn't, I've just not seen it.

However, for security reasons, I would not have any login details relating to the server (sFTP or otherwise) stored anywhere other than locally.

Link to comment
Share on other sites

IPS obviously know what they are doing and why this is being prompted (to make the upgrade as easy as possible for everyone) but personally, I would never save the information, I would always manually process the files.

Limit the amount of locations where passwords and access information is stored and you reduce the risk of others known this information and the potential risk of complete data loss. It's very easy for another ACP access user to get angry and want to damage things, restricting what they can and cannot do in the ACP is paramount, the easiest option is to always limit who has access to sensitive information such as passwords to yourself and no one else.

Link to comment
Share on other sites

or for the method we are thinking of, why dont they just stop with the login, and use the upgrader with product key? it calls back home with product key anyway, grabs what is associated with the key. Thus not needing the IPS credentials? But have it in a way where it follows the admin permission for key viewing. so your key isnt leaked to any admin you dont want to see the key, but still allows update?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...