Web Interface Credentials

Hey folks,

Long time user of FreePBX here but I’ve just realised something - or perhaps I’m going crazy, you tell me.

So I have FreePBX 2.8 on this system along with other web interfaces and like many web interfaces they like to have their own MySQL database for settings so they all get their own database each… MySQL only accepts connections from localhost so the passwords for them are pretty weak.

Now I have set authtype=database so that I get prompted to login when using FreePBX, the only thing is it accepts both the user/pass used to access the MySQL database (probably reading it from amportal.conf) and it accepts the single user I have in the ampusers table (by default this is admin/admin).

I want it to prompt me to login, but I don’t want it to accept the databases user/pass… just the ampusers I can manage from the Administrators module.

Any ideas?

And if I’m not going crazy and it’s meant to be doing this, and there is no documented way around this - I think I’ll be logging this either as a bug or feature request… you can’t assume the user/pass combination for the database is secure enough for the web interface!

You’re not going crazy, its the same on my 2.8 system as well…

This “feature” has been defaulted to not work in 2.9+, can be configured in Advanced Settings.