WebFaction
Community site

Investigating use of the WebFaction API, I was stunned to see that it requires storing the control panel password in clear text. I've read a few justifications as to why this would be OK, e.g. the entire server would have had to be compromised. Who's to say a future exploit through one unpatched webapp wouldn't allow someone to read your cron table or home directory?

Could WebFaction instead look into making the API more secure by implementing a way to generate application keys for use with the API? Google does something similar. A long-lived key can be generated that can be passed to the login method instead of username and password.

Additionally, each key could be locked down to access only a subset of the API functionality. Even if a key to (say) update certificates was compromised, it couldn't be used to delete apps or create additional users.

asked 10 Jan, 02:38

jamesbeard

These are certainly great ideas and something which would improve the security and usability of the API.

The current version of the API isn't currently structured in a way that would make modular permissions on specific functions feasible. However, I've created an internal ticket for both ideas and passed it along to the development team for consideration. Thanks!

(10 Jan, 08:15) ryans ♦♦
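The scoped application keys proposed in the question, sketched as an added example (this is not WebFaction's code or API, and not part of either post): a server-side key store that keeps only a hash of each key and checks every call against the key's allowed methods. The class, the account name and the method names `update_certificate`, `delete_app` and `create_user` are illustrative assumptions.

```python
import hashlib
import hmac
import secrets


class ScopedKeyStore:
    """Hypothetical server-side registry of API keys, each limited to some methods."""

    def __init__(self):
        # key_id -> (SHA-256 of secret, account, allowed methods).
        # The secret itself is never stored, so a leaked table yields no usable keys.
        self._keys = {}

    def issue(self, account, allowed_methods):
        """Create a key; the full token is returned to the caller exactly once."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)  # high entropy, so a plain hash suffices
        digest = hashlib.sha256(secret.encode()).digest()
        self._keys[key_id] = (digest, account, frozenset(allowed_methods))
        return f"{key_id}.{secret}"

    def revoke(self, key_id):
        """Revoke one key without touching the control panel password."""
        self._keys.pop(key_id, None)

    def authorize(self, token, method):
        """Return the account if the token is valid and scoped for method, else None."""
        key_id, _, secret = token.partition(".")
        record = self._keys.get(key_id)
        if record is None:
            return None
        digest, account, allowed = record
        presented = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(digest, presented):  # constant-time comparison
            return None
        return account if method in allowed else None


def demo():
    """Constructed scenario: a key that may only update certificates."""
    store = ScopedKeyStore()
    token = store.issue("exampleuser", {"update_certificate"})
    methods = ("update_certificate", "delete_app", "create_user")
    results = {m: store.authorize(token, m) for m in methods}
    store.revoke(token.partition(".")[0])
    results["after_revoke"] = store.authorize(token, "update_certificate")
    return results


if __name__ == "__main__":
    print(demo())
```

A key stored in a cron job or home directory under this scheme exposes only the methods it was issued for, and it can be revoked individually.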