froxlor / Froxlor

The server administration software for your needs - The official Froxlor development Git repository
http://www.froxlor.org
GNU General Public License v2.0

Option to disable customer login #1219

Closed realrellek closed 7 months ago

realrellek commented 7 months ago

Is your feature request related to a problem? Please describe.

Picture this. You have a server and want to manage your own websites only. That would mean you don't really need a customer per se. But you need one because that is how everything is organised. However, it is mostly you and you alone. And if you need to, say, add a database, you would log in as your Admin user, go to Customers, and click the name. This however does not stop the customer from having login credentials (which is fine because that password is also the default password for the FTP). However, that adds something for an attacker to find out the password.

Yes, you can add 2FA for that user but that'd be yet another entry in your password manager you will never use in this scenario.

Describe the solution you'd like

I would like an option for a customer to not be able to log in to Froxlor. It still exists and is not suspended and everything works as expected and as it is now, but Froxlor would just deny a login attempt as if the credentials were wrong.

I think this would be fairly easy to implement. I am not sure how the login system works exactly, but I would believe at some point Froxlor checks the database if the user exists, gets all the data, compares the password and creates a session or throws an error. If the checkbox was checked, it would just pretend the password was wrong.

Describe alternatives you've considered

Doing it as is right now and adding a pointless entry into the password manager, and because of the paranoia, also activating 2FA. But if you're alone on the server, you will never use it, so not only does it sleep in your password manager, it also is another set of possibly dangerous login credentials an attacker could brute-force, or exploit a security vulnerability, or whatever. You never know (not saying it is a problem or anything, just hypothetically).

Additional context

(This page intentionally left blank.)
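The behaviour the request describes, as an added example that is not Froxlor's code: a per-customer flag (the column name `loginallowed` and the record layout are assumptions) that makes a panel login fail exactly like a wrong password, while the password hash itself stays in place because FTP still uses it.

```php
<?php
declare(strict_types=1);

// Added example, not Froxlor code. Returns true only when the password
// matches AND the customer may log in to the panel. Both failure causes
// do the same work and yield the same result, so a probing attacker
// cannot tell a login-disabled customer from a wrong password.
function customerLoginAllowed(?array $customer, string $password): bool
{
    // Dummy hash for unknown users, so the unknown-user path costs the
    // same as a real password check instead of returning early.
    static $dummyHash = null;
    $dummyHash ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    $storedHash   = $customer['password'] ?? $dummyHash;
    $passwordOk   = password_verify($password, $storedHash);
    // Assumed flag: 1 = may log in, 0 = admin-managed only. The customer
    // is neither suspended nor deleted; only the panel login is refused.
    $loginAllowed = (int)($customer['loginallowed'] ?? 0) === 1;

    // Both checks are already evaluated; combine them without an early exit.
    return $customer !== null && $passwordOk && $loginAllowed;
}

// One generic message for every failure, as the request asks for.
function attemptLogin(array $customers, string $name, string $password): string
{
    $ok = customerLoginAllowed($customers[$name] ?? null, $password);
    return $ok ? "welcome {$name}" : 'Username or password incorrect';
}

// Constructed sample records (the hash is still valid for FTP in both cases).
$customers = [
    'alice' => ['password' => password_hash('correct horse', PASSWORD_DEFAULT), 'loginallowed' => 1],
    'bob'   => ['password' => password_hash('correct horse', PASSWORD_DEFAULT), 'loginallowed' => 0],
];

echo attemptLogin($customers, 'alice', 'correct horse'), PHP_EOL;
echo attemptLogin($customers, 'alice', 'wrong password'), PHP_EOL;
echo attemptLogin($customers, 'bob', 'correct horse'), PHP_EOL;  // right password, login disabled
echo attemptLogin($customers, 'nobody', 'anything'), PHP_EOL;     // unknown user
```

Only the first call succeeds; the other three produce the identical generic message, so a disabled customer looks no different from a mistyped password or a nonexistent user.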