ramf Posted November 8, 2020 Share Posted November 8, 2020 Hi, In version 8.0.4 when I try to add a new client I have to add a password during the client creation process or else I get error while In version 7.10.2 I can create a new client without adding such a password. The solution by WHMCS is: Quote you can put in any placeholder data as a password then visit the Users tab of that profile and click the down arrow to the right of the Owner user and click to send a password reset email In my opinion this is so much more work than the process in version 7.10.2 - you made something simple to very cumbersome... And there is a security issue here... If our agent will have to manually insert a password and then manually send a password reset email - I guess that the password will not be a strong one, and maybe even the same password for several customers, and I guess that some of the customers will not go through the change password process - so in the end we will have clients / user with a week / repetitive password and that's a huge security risk! So in version 8 you created a cumbersome process that will also cause a security risk - This is bad.... Also please note that when adding a user to the account - we don't have to create a password, an email is sent to the user and he can use WHMCS password generator to create his password. So the only place we have to manually add a password is when we create the first user / client. Please consider implementing one of the following solutions ASAP: This is the best option: Auto generate a strong password for each user. If the user is requesting a different password he can do it via the client area or by asking us to send him the reset password email - but the baseline will be secure password. in this way you can remove the password field from the create new client process. Same as above - but without removing the password field - so if we want to create a custom password when creating a new client / user. if we will leave this field empty the system will auto-generate a strong password for the client. Use the built-in password generator in the browser (chrome for instance ) - so when the admin will click on the password field the browser will automatically offer a strong password. Add the WHMCS generate password button to the admin side so when an admin is creating a new client he will be able to generate a strong random password as part of the client creation process (just like the one other users will have at the client side). Any way - forcing us to manually create a password for the customer is wrong and cumbersome and really a security risk. Can you please share your thoughts and also vote here:https://requests.whmcs.com/topic/auto-generate-a-password-while-creating-a-new-client-in-version-8 Regards, Ram 0 Quote Link to comment Share on other sites More sharing options...
Manchester Web Hosting Posted November 18, 2020 Share Posted November 18, 2020 On 11/8/2020 at 10:43 AM, ramf said: This is the best option: Auto generate a strong password for each user. If the user is requesting a different password he can do it via the client area or by asking us to send him the reset password email - but the baseline will be secure password. in this way you can remove the password field from the create new client process. Thats a good option. Dont think anyone is going to bother doing that from whmcs internally tho... Maybe someone can come up with a hook. Forums are full of issues and comments about the current way password are implemented or should i say how they have stripped it back in prep for SaaS ersion (as some have said)... 0 Quote Link to comment Share on other sites More sharing options...
ramf Posted November 20, 2020 Author Share Posted November 20, 2020 On 11/18/2020 at 11:54 PM, Manchester Web Hosting said: prep for SaaS ersion What is this SaaS version? Is there any plans to change the way WHMCS is working from a self hosting software to a SaaS hosted by WHMCS? 0 Quote Link to comment Share on other sites More sharing options...
brian! Posted November 20, 2020 Share Posted November 20, 2020 5 hours ago, ramf said: What is this SaaS version? speculation discussed in another thread.... 5 hours ago, ramf said: Is there any plans to change the way WHMCS is working from a self hosting software to a SaaS hosted by WHMCS? not in the short-term I wouldn't have thought, but who knows in the future. 🔮 0 Quote Link to comment Share on other sites More sharing options...
ramf Posted November 24, 2020 Author Share Posted November 24, 2020 On 11/20/2020 at 6:03 PM, brian! said: not in the short-term I wouldn't have thought, but who knows in the future. 🔮 O.k. Good to know. Thanks for the info.... 0 Quote Link to comment Share on other sites More sharing options...
ramf Posted November 24, 2020 Author Share Posted November 24, 2020 Any way - Please consider voting on the feature request... Until now only 2 votes (and one of them is me...). Thanks! 0 Quote Link to comment Share on other sites More sharing options...
brian! Posted November 24, 2020 Share Posted November 24, 2020 On 20/11/2020 at 08:59, ramf said: Is there any plans to change the way WHMCS is working from a self hosting software to a SaaS hosted by WHMCS? btw - I posted this a couple of days ago... 0 Quote Link to comment Share on other sites More sharing options...
ramf Posted November 28, 2020 Author Share Posted November 28, 2020 On 11/24/2020 at 7:09 PM, brian! said: btw - I posted this a couple of days ago... Thanks. It's very disturbing news... 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.