Is there anyway the input of admin password can be mandated when performing major tasks such as Editing an Account, Editing a User, Deleting a Website, Entering Filemanager, Modifying a Plan, so as to prevent irregularities (mistakes or cookie hacks or others) ???! To change password, should the current password not be required ???!
I agree completely that the current password shoudl be required to change the password, but I’m not sure about other actions - I think that would add an amount of friction that would be completely undesirable for most users.
At the moment, your best bet to get this implemented is to also create an issue in the cyberpanel Github repo GitHub - usmannasir/cyberpanel: Cyber Panel - The hosting control panel for OpenLiteSpeed. But I wouldn’t expect anything soon, unless you implement it yourself.
If the point is to stop mistakes then a simple ‘are you sure’ dialog would do the trick.
On the other hand I do see the point of requiring a password for security reasons if you are doing something that is irreversible, but also see where it could get annoying.
I think that Stripe has a good balance on this. They require you to re-enter the password for some things i.e. deleting a customer, but only for the first action of that kind during the current login. Once you have deleted the first customer you can then go and delete as many more as you like without needing to enter the password for each action.
I here tend to login on CyberPanel 1-3 times a months … Hosting provider backs up the data weekly, so i go in either to manually back up important data or make website changes … I would want to feel safe loggin in back after weeks or even months … Inputting admin password fifty times a day might not do me bad as long as i am safe … And i am sure other admins do things like i do here …
If you are in the control panel every day dealing with a lot of sites and performing multiple actions then continually entering the password every time you want to do something important will get very tiring very quickly. That’s why I think that the Stripe model works well, it confirms that the person performing important admin actions actually does have the permission to do so but doesn’t constantly bother you.