GitLab

The security for the multiple server scenario should be reviewed/discussed. When adding a new server to ISPConfig it gets full access to the main ISPConfig database including all other databases. If the new server is compromised the whole ISPConfig configuration is in danger including all other servers.

In our setup we've got one more secure main server with the ISPConfig interface/database and websites build by us. On the second server we have websites that are maintained by clients, FTP access and phpMyadmin access. Somewhat less secure then the main.

My idea is that all other servers should talk to ISPConfig via an API that only offers the needed information. If I don't have e-mail setup on the other server it should be able to retrieve encrypted passwords and other e-mail configuration. Another solution would be to let the main server push settings to the client servers, but this results in more traffic and possible errors I guess.

What do you think? Maybe there is another way to get the setup more secure?