
What is the thought behind the default admin and admin_ prefix?

Posted: Thu Jun 22, 2017 3:07 pm
by Spythe
I was wondering why the default user is called 'admin' and the prefix is 'admin_'. Is there a reason for this? I read that having an additional prefix is a so-called 'security measurement', but 'admin' is almost more common than the name 'John' in America. From that perspective, 'vesta' would be more secure, in my opinion.

So anyone care to clarify it? Just wondering.

Re: What is the thought behind the default admin and admin_ prefix?

Posted: Fri Jun 23, 2017 8:37 am
by ScIT
The prefix is not really a "security-thing", more a management one. Admin is one of the most common ways for default user, that's right. In VestaCP you can't rename or delete this user. If you choose a secure/strong password (what should be a standard of course) there is no security issue in using this user. Brute force attacks will be detected and blocked by fail2ban, so no "problem" in that way.

Re: What is the thought behind the default admin and admin_ prefix?

Posted: Sat Jun 24, 2017 1:41 pm
by mehargags
As ScIT said, if you configure everything properly up to security standards, it should not be a problem.
Don't use the admin account to host any sites. Create a separate user for each site or at least each group of customers.

However, I do feel the ability to choose "admin" user account's name during VestaCP install would be great... security through obfuscation is a great way and would reduce attack surface and attempt if both username and password are to be guessed.

I had proposed this 3 years back... maybe at some point it will be possible for the Devs to include such an option.