While the CloudWays service is great, I've been concerned for a while now that I can simply click to copy passwords for SFTP, SSH, databases & WordPress. My concerns have been amplified as yesterday over 1.2 million compromised passwords were stolen from GoDaddy because they stored their details in a similar way: https://wptavern.com/godaddy-data-breach-exposes-1-2-million-active-and-inactive-managed-wordpress-hosting-accounts

Simply put: ALL passwords stored on CloudWays should be salted & hashed. There should be no way for CloudWays (or me) to retrieve them once they've been saved. The fact that I can indicates they are being stored as plaintext, which is a huge security issue. Passwords should only be visible at the point of creation, and should then be stored and compared against a salted & hashed version - no one should EVER be able to retrieve their password.

Please make it a priority to change the way you store passwords for all of your systems, otherwise I'm very much concerned that you will suffer the same fate as GoDaddy.

Crypto.com Log in is on a mission to accelerate the world's transition to cryptocurrency. Through the Crypto.com Mobile App and Exchange,Crypto.com The Best Place to Buy, Sell, and Pay with Cryptocurrency.Crypto.com is much cheaper. The maker-taker pricing structure rewards users with higher trading volumes, whereas Coinbase has maker taker fees that are a bit higher and also may charge fixed fees.

Metamask log in provides an essential utility for blockchain newcomers, token traders, crypto gamers, and developers. Over a million downloads and counting! AAVE Logo.MetaMask is an extension for accessing Ethereum enabled distributed applications, or "Dapps" in your browser! The extension injects the Ethereum web3 API.

AWS SSM (Secure Session Manager) is now the preferred way to connect to apps and services within a private VPC from an external location.

For the uninitiated, AWS services are all accessibile from within AWS (of course dependent on your config) but are not typically accessible from outside of your AWS VPC. If one would like to take advantage of an AWS hosted service or instance special steps must be taken to help get outside apps access to things "inside" of the network.

For example, if one is using an aurora DB it is preferred to keep the DB server private and only allow access via a defined route. Traditionally this is done with a "bastion" or "jump" server to bridge the gap between external and internal traffic.

However, AWS and devs alike now recommend the use of AWS SSM
due to some key advantages:
- More durable setup, no worries re: ssh tunnel failure which can happen time to time.
- SSM manages auth, more secure than IP address + SSH key setup
- No need for SSH rotation/management. SSM does this automagically
- SSM server can live INSIDE the vpc which is HUGE, less exposure, improved protection from attacks

Let's get it done :)

Thanks!

Hi,

You should implement backups the same way some of the best web hosting providers do:

1) Separate manual backups from the automated ones.
1.1) Manual backups should be "persistents" so they don't just disappear as the automated backups go on. Hence, the separate list only containing manual backups.

To avoid abuses, you can limit to 5 or even 3 maximum "spots" of manual backups at the same time. That way, we are forced to delete some to make further manual backups, so that we never exceed the limit of manual backups spots.

  1.2) You could, as well, allow us to disable automated backups. That way you reduce the load on your servers, as most people never use automated backups.

For more static websites, this is life changing as an initial manual backup could act like a "clean snapshot" we can use repeatedly over time as major issues occur (making the automated backups useless). And we could make one at each major update.

2) Please, please, please allow us to rename backups (manual ones only)
Automated backups shouldn't need to be renamed but manual backups should.
If we do some subsequent backups after major steps, we should be able to clearly see which backup was from which step of the website's development, even 5 months later, when we don't remember the workflow anymore.

Oh and those features should be "free". It would be outrageous if you implement those feature and make them paid ones.

Thank you very much in advance !