Order of Operations
#1
Accounts are created before the order is approved by an admin and then suspended twice.

If you don't see that as a bug then tell me your logic behind creating an account BEFORE it is approved and suspending it TWICE?

The right way = the account is created AFTER it is approved by the admin.
#2
(10-04-2009, 03:03 AM)Eli L Wrote: Accounts are created before the order is approved by an admin and then suspended twice.

If you don't see that as a bug then tell me your logic behind creating an account BEFORE it is approved and suspending it TWICE?

The right way = the account is created AFTER it is approved by the admin.
I understand completely what you're saying here. But there definitely is logic behind this.

The account NEEDS to be created on the order form because after that, the password is hashed, salted and inserted into the DB where it can never be unencrypted. So when it is encrypted, we can't send the password onto cPanel.

So, without storing the real password into the DB which could provide MAJOR security issues, for the client, because the host has all their passwords.

EDIT: Also, it isn't suspended twice. You just receive two emails because you signed up the account.
Jonny H - THT Main Developer & Founder


#3
(10-04-2009, 05:04 AM)Jonny Wrote:
(10-04-2009, 03:03 AM)Eli L Wrote: Accounts are created before the order is approved by an admin and then suspended twice.

If you don't see that as a bug then tell me your logic behind creating an account BEFORE it is approved and suspending it TWICE?

The right way = the account is created AFTER it is approved by the admin.
I understand completely what you're saying here. But there definitely is logic behind this.

The account NEEDS to be created on the order form because after that, the password is hashed, salted and inserted into the DB where it can never be unencrypted. So when it is encrypted, we can't send the password onto cPanel.

So, without storing the real password into the DB which could provide MAJOR security issues, for the client, because the host has all their passwords.
Couldn't you just hold off entering a password until it is approved by the admin? Then once it is approved, the user is given the chance to enter their password which can then be hashed and salted.

(10-04-2009, 05:04 AM)Jonny Wrote: EDIT: Also, it isn't suspended twice. You just receive two emails because you signed up the account.
Well that makes sense. Tongue
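The flow proposed in post #3 (no password and no server account until the admin approves), sketched as an added example; it is not TheHostingTool code. `FakePanel`, `Orders`, `TOKEN_TTL` and the one-time e-mailed token are hypothetical names and assumptions, with `FakePanel` standing in for the control-panel API.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 24 * 3600  # assumption: activation link is valid for one day

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class FakePanel:
    """Hypothetical stand-in for the control-panel account API."""
    def __init__(self):
        self.created = []
    def create_account(self, username, password):
        self.created.append(username)  # plaintext is used once, not kept

class Orders:
    def __init__(self, panel):
        self.panel, self.rows = panel, {}

    def submit(self, username, email):
        # Order form: no password collected, no server account created.
        self.rows[username] = {"email": email, "state": "pending"}

    def approve(self, username, now=None):
        now = time.time() if now is None else now
        row = self.rows[username]
        if row["state"] != "pending":
            raise ValueError("order is not pending")
        token = secrets.token_urlsafe(32)
        # Only a digest of the token is stored; the token itself is e-mailed.
        row.update(state="approved", token=_digest(token), expires=now + TOKEN_TTL)
        return token

    def activate(self, username, token, password, now=None):
        now = time.time() if now is None else now
        row = self.rows.get(username)
        if not row or row["state"] != "approved" or now > row["expires"]:
            return False
        if not hmac.compare_digest(row["token"], _digest(token)):
            return False
        # The plaintext exists only inside this call: it goes to the panel
        # once, and the database keeps a salted hash.
        self.panel.create_account(username, password)
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
        row.pop("token")  # single use
        row.update(state="active", salt=salt, pw_hash=pw_hash)
        return True
```
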
#4
(10-04-2009, 01:10 PM)Eli L Wrote: Couldn't you just hold off entering a password until it is approved by the admin? Then once it is approved, the user is given the chance to enter their password which can then be hashed and salted.

That's possible, but that would result in a fairly more complex validation system.
Kevin Mark - TheHostingTool Lead Developer
#5
(10-04-2009, 01:10 PM)Eli L Wrote:
(10-04-2009, 05:04 AM)Jonny Wrote:
(10-04-2009, 03:03 AM)Eli L Wrote: Accounts are created before the order is approved by an admin and then suspended twice.

If you don't see that as a bug then tell me your logic behind creating an account BEFORE it is approved and suspending it TWICE?

The right way = the account is created AFTER it is approved by the admin.
I understand completely what you're saying here. But there definitely is logic behind this.

The account NEEDS to be created on the order form because after that, the password is hashed, salted and inserted into the DB where it can never be unencrypted. So when it is encrypted, we can't send the password onto cPanel.

So, without storing the real password into the DB which could provide MAJOR security issues, for the client, because the host has all their passwords.
Couldn't you just hold off entering a password until it is approved by the admin? Then once it is approved, the user is given the chance to enter their password which can then be hashed and salted.

(10-04-2009, 05:04 AM)Jonny Wrote: EDIT: Also, it isn't suspended twice. You just receive two emails because you signed up the account.
Well that makes sense. Tongue
It isn't possible at all. Even due to what Kevin said. Well it is possible, but not without leaving a bit flaw in the system.

Without having the whole of THT encrypted, we can not do it. The only way is to store the password in the DB as it is and it leaves everything open for the client.

So no Wink
Jonny H - THT Main Developer & Founder


#6
Well the current system is flawed. If someone were to spam account orders then the server would have increased load/problems due to having to create so many accounts. It also uses up precious server UIDs.
#7
(10-04-2009, 07:12 PM)Eli L Wrote: Well the current system is flawed. If someone were to spam account orders then the server would have increased load/problems due to having to create so many accounts. It also uses up precious server UIDs.

Nothing preventing us from adding a captcha. Wink Also, you can configure some things to work all on one constantly running process instead of having one process per action.
Kevin Mark - TheHostingTool Lead Developer
#8
(10-04-2009, 07:12 PM)Eli L Wrote: Well the current system is flawed. If someone were to spam account orders then the server would have increased load/problems due to having to create so many accounts. It also uses up precious server UIDs.
Well, your point is flawed, because if you want to say it that way, every other system is flawed.

It's better making the account on user's completion than admin approval because it will not slow the load down. For your server load to be extremely high if it's making 3 or so accounts, then your server is badly managed.

Well, with whatever username I use a server username? There's no way of going round that at all. I don't get your point.
Jonny H - THT Main Developer & Founder


#9
Here is another thing. Let's say you have five people sign up on the same day. At random times during that day. The next day you approve all five accounts. With Eli's proposed method the server would experience a high(er) load at a concentrated time. With the current approach these accounts would be created at more likely not the same time. So the server load would be more spread out.
Kevin Mark - TheHostingTool Lead Developer
#10
(10-05-2009, 04:59 PM)Kevin Wrote: Here is another thing. Let's say you have five people sign up on the same day. At random times during that day. The next day you approve all five accounts. With Eli's proposed method the server would experience a high(er) load at a concentrated time. With the current approach these accounts would be created at more likely not the same time. So the server load would be more spread out.
Exactly what I was trying to say Wink

But still, an account created on WHM/DA should not affect the load that much or at all.
Jonny H - THT Main Developer & Founder



