use different usernames with passwords

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
ewel
Joomla! Guru
Joomla! Guru
Posts: 522
Joined: Mon Oct 01, 2007 11:35 am

use different usernames with passwords

Post by ewel » Tue Jan 01, 2008 10:45 pm

Perhaps I am going to state the obvious, but then again someone might find this suggestion useful..

For Joomla to work on an online server several usernames and passwords are needed, and it makes good sense to use different usernames and passwords for each type of access.

For example, I have different sets of usernames and passwords for the following:
- login on the site of my provider to get support or make payments;
- email;
- login to my cpanel;
(- Joomla root directory password-protection during development;)
- database access;
- Joomla administration backend;
(- Joomla frontend login for testing)

In this way, if only Joomla gets compromised, you can still control your database, your cPanel, your hosting and your email. If your database gets compromised as well, you can delete it or take other action because you still have cPanel control. If your cPanel access is also compromised you can still control your hosting account. Etc.

On the other hand, if the usernames and/or passwords are all the same then an attacker could be able to take full control over your hosting, site and email once one type of access has been compromised.

Just to make sure that I am really stating the obvious: not only the usernames but also the passwords should be different.

Locked

Return to “Security in Joomla! 1.5”