[FQuest Announce] SSL Encrypted CNC Access Now Available

**Deb** · 08-14-2005, 04:52 PM

In addition to last month's rollout of QuestMail's Secure Access functionality, FutureQuest is happy to announce the availability of your CNC (control panel) over an SSL encrypted path. There are now two addresses available for you to choose from when accessing your CNC.

Non-SSL:
The CNC is still available through the non-SSL URL you are accustomed to using:

http://www.example.com/CNC/

(Remember to replace example.com with your own domain name.)

SSL:
Alternatively, for secure access to your control panel, use your xdom (in URL format) and our domain name. It looks like this:

https://xdom.securecnc.net/CNC/

(Remember to replace xdom with your own xdom and if your xdom has an underscore (_) replace it with a hyhen (-). Also note "https://" versus "http://")

Examples:
If your domain name is example.com then your xdom is xexample and the Secure CNC Login address would be https://xexample.securecnc.net/CNC/

If your domain name is examples-r-us.com then your xdom is xexamples_r_us and the Secure CNC Login address would be
https://xexamples-r-us.securecnc.net/CNC/
(notice the xdom underscores (_) were changed to hyphens (-))

Direct links to your CNCs can be found on the main home page of the CNC, as well as within a

brand new section of QuestAdmin.

To find the CNC Addresses for each of your full packages within QuestAdmin simply log in to QuestAdmin and then click on the tab titled "Services". Once there click on the link titled "Command'N'Control Panel Access".

If you have any trouble figuring out what your URL should be please send us an email and we'll be happy to assist you.

Enjoy!

*TVB* · 08-14-2005, 05:55 PM

A welcome addition to an already great webhost. Thank you.

Betsy

*jeep* · 08-14-2005, 07:02 PM

Wow! That's great guys...

Thank you - it just keeps getting better and better

Jake · 08-14-2005, 07:28 PM

Very cool! I like the padlock in the CNC icon, that's a nice touch!

*tril* · 08-14-2005, 08:02 PM

Hurrah!

*JRepici* · 08-14-2005, 08:14 PM

Thanks guys.

Now we can log in to CNC from our local hot spot without fear...

*cjcox* · 08-14-2005, 08:37 PM

Nice! A definite step in the right direction. Hope to sell all of the security holes at futurequest plugged soon! Keep up the good work.

*Wassercrats* · 08-14-2005, 08:46 PM

Good news, but wouldn't it be more secure if the domain and subdomain were reversed, so scripts that require a referrer from the same domain as the script will still be secure? So instead of https://xdom.securecnc.net/CNC/ you'd have https://securecnc.example.com/CNC, so current same-domain checks would still work.

**Terra** · 08-14-2005, 09:42 PM

Quote:

Hope to sell all of the security holes at futurequest plugged soon!

Security holes is when there is a flaw in the system that allows someone to gain unauthorized access to a vulnerable service...

I can honestly say that your choice of words is pretty far from what the reality actually is or was... There has been no unauthorized access to anyone's account via the CNC services, or any other major service we provide... Thus far, all security incursions/breaches have been due to exploitable scripts that the site owner installs into their accounts... It is our Domain_LockDown, PHP Secure_Mode™, plus many other configuration and architecture nuances that helps to keep these security incidents isolated and quarantined...

To not provide a rebuttal to your statement would have been gross negligence on our part...

Quote:

So instead of https://xdom.securecnc.net/CNC/ you'd have https://securecnc.example.com/CNC, so current same-domain checks would still work.

No... It is driven by an SSL service, which requires a SSL Certificate to operate properly...

The CERT that drives this is a WildCard CERT: *.SecureCNC.net

The same type that drives our Shared MerchantQuest SSL engine...

This is the only way it can be done that won't cause the browser to pitch a fit about security issues... E.G. self-signed CERTS, non CA Signed CERTS, CERT doesn't match domain name, etc etc etc

Another thing to consider, it would cost each site owner roughly $225.00 to obtain a valid CERT for: https://securecnc.example.com

What we have done is found a way for you to enjoy securely accessing your CNC without any extra cost to you... Enabling the CNC with SSL transport was a very costly effort I can assure you...

--
Terra
--it makes complete sense once you really think about it--
FutureQuest

*Monty* · 08-14-2005, 09:49 PM

Quote:

Hope to sell all of the security holes at futurequest plugged soon!

that's either the class project for 3rd grade spelling tomorrow, or a very short lived business.

Mont

...have never jumped out of a perfectly good plane, but would like to try it!