HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (
-   Plugins/Modules/Addons (
-   -   MODULE: ISPC-AjaXplorer (

cfoe 5th June 2012 15:47

Hi Guys,
ISPConfig 3 is still lacking a WebFTP-Client (nearly) runnning "out-of-the-box".
Due to the feature request I totally support I will give it a shot by bridging AjaXplorer to the ISPConfig frontend.

"Watch" the repo on GitHub to let me know you like the functionality and/or post below.

Discussion: down below

Main characteristics:
  • password-less login for admins/owner from within ISPC-Frontend
  • Deployment via ISPC repository feature ( -> One-Click-Installation (planned)

And as always: Contributations are always welcome

cfoe 21st June 2012 18:30

ISPC-Route53 module structure:

cfoe 27th June 2012 10:22

Please move to: Plugins/Modules/Addons

cfoe 2nd July 2012 15:27

Should ist be possible for admins to login to a FTP account without password?

till 2nd July 2012 15:43

This would be nice on one hand. But you would have to store cleartext passwords for that as ajax explorer would not be able to login to the FTP account of the website without it. And thats a thing that I would never do on my own server and I guess when a ISP has to explain to his customers that all their passwords were stored in cleartext in case that he got hacked, he will be out of business soon.

cfoe 2nd July 2012 15:54

Maybe there is a way without clear text pw.

I'll keep you posted.

Other CPs are doing it somehow. Maybe not via FTP but in file manager mode or something.
Ajaxplorer seems very flexible

Croydon 4th July 2012 11:22


Originally Posted by cfoe (Post 281444)
Other CPs are doing it somehow. Maybe not via FTP but in file manager mode or something.

Some of them store cleartext passwords (like plesk does).

till 4th July 2012 11:35

I guess if customers would know that plesk stores their passwords unencrypted, then they would switch to a ISP that has higher security standards. Do you remember the bad press when companys lost their user database incl. passwords due to hackers with weak password encryption like linkedin, so everyone could imagine what the users would say if a company says "oh, we lost your passwords and they were not encrypted at all".

I wonder if a company is liable for damages that occur for not taking care of user passwords in a appropriate way, I guess this might be even grossly negligent.

Croydon 4th July 2012 11:39

I was kind of surprised when I saw that they are stored in cleartext. I wouldn't expect that from a big panel.

cfoe 5th July 2012 10:27

I think the bigger the company the easier they get away with something like this.

Look at the Sony Network incident. No consequences for Sony :mad:

All times are GMT +2. The time now is 22:31.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.