suppressed wrote: > On Monday, November 12, 2007 2:14 PM Mike Heins wrote: > >> Quoting John1 (suppressed): >>> I'd like to implement some "security by obscurity" by moving the >>> admin interface to a different location rather than /admin. >>> >>> Please can anyone tell me what I need to do to relocate it. >> >> Not recommended. >> > OK, fair enough. > >> Much better to do is to run a separate interchange server instance >> that has the admin pages and tags, removing those completely from >> production. In some cases, you can put the IC server behind a company >> firewall completely, making it only accessible via VPN. >> > OK, so in this scenario presumably the admin GUI would be on a > different domain/IP but would still have to be at /admin. > > i.e. > website would be at www.websitedomain.com > admin GUI at www.admindomain.com/admin > > Do I understand correctly? > > I just thought it would be nice if there was a simple way to move > admin pages from: > www.websitedomain.com/admin > to say: > www.websitedomain.com/adminqwerty This really would not afford you much security. You can alter the login page so it is harder to tell that it is interchange, and remove the version number from the bottom. I really don't know why were are showing strangers the version number of the server there anyways. You can however: set some "retry" limiting mechanism on the login form add a captcha field - maybe if the visitor is from an unknown IP (i.e., road user) so it does not inconvenience everyone? make the form submission be verified by a random code, that was attained during a previous page to make it hard for people to post *their* forms to your process. Make the code change every submissiont to assure it is not some program. Paul Jordan Gish Network For Print, Web and Life suppressed _______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.