github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 18:49:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update README.md

Browse source
This commit is contained in:
dpeca 2019-08-29 00:05:23 +02:00 committed by GitHub
commit 1a65c4774b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -15,7 +15,7 @@ Features
+ You can totally "lock" VestaCP so it can be accessed only via https://serverhost:8083/?MY-SECRET-URL
+ During installation you will be asked to choose secret URL for your hosting panel
+ Literally no PHP scripts will be alive (won't be able to get executed), unless you access the URL with that parameter. Thus, when it happens that, let's say, some zero-day exploit pops up - hacker will not be able to access it without knowing your secret URL. PHP scripts from VestaCP will be simply dead - no one will be able to interact with your panel unless he has the secret URL.
+ Literally no PHP scripts will be alive on hosting panel (won't be able to get executed), unless you access the hosting panel with secret URL parameter. Thus, when it happens that, let's say, some zero-day exploit pops up - hacker will not be able to access it without knowing your secret URL. PHP scripts from VestaCP will be simply dead - no one will be able to interact with your panel unless he has the secret URL.
+ You can see for yourself how mechanism was built by looking at:
+ https://github.com/myvesta/vesta/blob/master/src/deb/for-download/php/php.ini#L496
+ https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php