Page 1 of 1

use different usernames with passwords

Posted: Tue Jan 01, 2008 10:45 pm
by ewel
Perhaps I am going to state the obvious, but then again someone might find this suggestion useful..

For Joomla to work on an online server several usernames and passwords are needed, and it makes good sense to use different usernames and passwords for each type of access.

For example, I have different sets of usernames and passwords for the following:
- login on the site of my provider to get support or make payments;
- email;
- login to my cpanel;
(- Joomla root directory password-protection during development;)
- database access;
- Joomla administration backend;
(- Joomla frontend login for testing)

In this way, if only Joomla gets compromised, you can still control your database, your cPanel, your hosting and your email. If your database gets compromised as well, you can delete it or take other action because you still have cPanel control. If your cPanel access is also compromised you can still control your hosting account. Etc.

On the other hand, if the usernames and/or passwords are all the same then an attacker could be able to take full control over your hosting, site and email once one type of access has been compromised.

Just to make sure that I am really stating the obvious: not only the usernames but also the passwords should be different.