PDA

View Full Version : Improving the Mail/FTP account wizard



Corrado Fiore
09-17-2004, 03:03 AM
Dear All,

I'd like to share some suggestions for improving the new Mail/FTP account wizard in the site manager. Here they are:

Use existing directory checkbox. An important one, beacuse leaving it unchecked will overwrite the existing FTP directory. I then suggest you to make it checked by default :idea: . In my experience, I've never need to leave it unchecked.

Maximum mail user quota. These days, 20 MB maximum space for a mailbox is often not enough for professional use. I know I can edit the configuration files to get 50 or 100 MB mailboxes again, but my clients are not skilled enough to do so and they're asking me everytime. I wish we could have freely configurable mailboxes again.

Hidden passwords. In the wizard, passwords are shown as ****. This makes impossible to read them once assigned. I know it's a security measure :roll: , but IMHO the webmaster should be able to access them everytime --it's much easier!

Have a nice day!
Corrado Fiore

j103c
09-17-2004, 08:22 AM
Use existing directory checkbox. An important one, beacuse leaving it unchecked will overwrite the existing FTP directory. I then suggest you to make it checked by default :idea: . In my experience, I've never need to leave it unchecked.

Hi,

I don't understand this one.. I can think of only one time when I checked it, to do something abnormal with a user account. Otherwise I prefer the home directories to be created as suggested by the system. What do you mean the FTP directory gets overwritten?

torrin
09-17-2004, 08:56 AM
Hidden passwords. In the wizard, passwords are shown as ****. This makes impossible to read them once assigned. I know it's a security measure :roll: , but IMHO the webmaster should be able to access them everytime --it's much easier!

Isn't the webmaster effectively root? If that's the case, I can't see why he would need to see the passwords of everybody else since he can do anything anyway (including change passwords). More explaination is needed. :?

As for the mail quota, the default should be a small number, but the webmaster should be able to set it to whatever he wants. Therefore, maximum should be unlimited (the amount of space you purchased).


What do you mean the FTP directory gets overwritten?

He's talking about the users home directory. It's under the ftp directory by default for some strange reason (note that on unix-like systems, the users home directory is usually under /home, not /ftp/pub :? ). I think he's saying, if you delete the user without deleting the directory, then try to recreate that user without checking the box, the previous directory gets deleted and recreated. I don't see this as a bug, but it would be nice if destroying data wasn't the default. :(

j103c
09-17-2004, 09:16 AM
I think he's saying, if you delete the user without deleting the directory, then try to recreate that user without checking the box, the previous directory gets deleted and recreated. I don't see this as a bug, but it would be nice if destroying data wasn't the default. :(

Oh ok, that makes sense. I guess I could go either way on that one. Playing the other side, it's nice to have the system clean up a user, rather than having to do it manually if you didn't want all that stuff still there.

wildjokerdesign
09-17-2004, 01:09 PM
On the topic of Passwords. As Torrin mentioned since you are "root" you still have access to everything. Although you can not see their password you can still click on the username and get to thier "mini Site Manager". I think many systems are set up like this. I think the reason behind it is that many users have the same password for just about everything they do on the internet (bad idea BTW) so it protects what they concider to be private to them only. What if you where not an above board admin and you went in and looked at all your users passwords and then figured out that one of them also used it for thier on-line banking. You could do a lot of damage. I may be full of it but that is why I always figured things where set up as they where.

jalal
09-18-2004, 08:44 AM
Also, if the passwords are stored as a hash (which they should be) then there is no way to 'unhash' them to find out what they were originally.
I suspect (but don't know this for sure) that the stars are just dummy stars and the original passwords are unknown.