Quoting John1 (suppressed):
> On Sunday, November 18, 2007 5:20 AM Paul Jordan wrote:
>
> >suppressed wrote:
> >>On Saturday, November 17, 2007 5:45 PM Paul Jordan wrote:
> >>
> >>>>I just thought it would be nice if there was a simple way to move
> >>>>admin pages from: www.websitedomain.com/admin
> >>>>to say:
> >>>>www.websitedomain.com/adminqwerty
> >>>
> >>>
> >>>This really would not afford you much security.
> >>>
> >>Why not? :-)
> >
> >
> >Because the URL will be found. Do you have any mobile workers? If
> >not, then only allow the office IP address - you're done. If you do,
> >where do they go? Are laptop users careful? Do they all have secure
> >Wifi at home if they are logging in? Do you have people travelling in
> >small towns and out of country who will go to fly by night internet
> >cafes, airports?
>
>
> We are only a small company and nobody *should* be trying to access the
> admin page from laptops or internet cafes. Restricting the IP range is a
> good idea, though I would have to allow some ISP dynamic ranges.
>
> >If you are not locked down, then the effort is not worth the value. I
> >did not say it was no security, just that it will not afford you much
> >of it. For the same effort you can put in place a myriad of
> >techniques and make it secure - and not just hiding.
>
>
> I agree that if I have to search for all the hardcoded references to /admin
> it may not be worth the effort

It is very simple to do in Apache:

    <Location /cgi-bin/yourscript/admin/*>
        AuthUserFile /var/www/.htpasswd
        AuthGroupFile /var/www/.htgroup
        AuthName YourOrg
        AuthType Basic
        Satisfy Any
        Allow from 10.10.10
        Require group icadmin
        Deny from all
    </Location>

But by far the best way, as I said before, is to use a separate IC server
instance to serve admin -- it closes off the "process" hole. Then put
that behind a VPN.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.647.1295  tollfree 800-949-1889 <suppressed>

Being against torture ought to be sort of a bipartisan thing.
-- Karl Lehenbauer
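
Added example (not part of the original message, and not Apache's own code): a small Python model of how Apache 2.2 evaluates the Location block above, assuming the default "Order Deny,Allow". The function names and the sample client addresses are constructed. It shows that "Satisfy Any" admits a 10.10.10.x client with no password at all, and what "Satisfy All" would change.

```python
# Model of Apache 2.2 host-based + Basic-auth access evaluation (illustrative only).
from ipaddress import IPv4Address


def host_matches(spec, client_ip):
    """Match an Allow/Deny 'from' value: 'all' or a partial IPv4 address.

    Partial addresses match on whole octets, so '10.10.10' covers
    10.10.10.0-255 but not 10.10.100.x.
    """
    if spec.lower() == "all":
        return True
    IPv4Address(client_ip)  # raises ValueError on malformed input
    want = spec.rstrip(".").split(".")
    return client_ip.split(".")[:len(want)] == want


def host_allowed(client_ip, allow, deny):
    """Default 'Order Deny,Allow': a matching Allow overrides a matching Deny;
    a host matching neither list is allowed."""
    if any(host_matches(a, client_ip) for a in allow):
        return True
    return not any(host_matches(d, client_ip) for d in deny)


def access_granted(client_ip, user_groups, satisfy="any",
                   allow=("10.10.10",), deny=("all",), group="icadmin"):
    """user_groups: groups of the authenticated user, or None when no valid
    credentials were presented. Defaults mirror the config in the message."""
    host_ok = host_allowed(client_ip, allow, deny)
    auth_ok = user_groups is not None and group in user_groups
    if satisfy.lower() == "any":
        return host_ok or auth_ok   # either check is enough
    return host_ok and auth_ok      # 'Satisfy All': both are required


if __name__ == "__main__":
    # Constructed sample requests: (client address, groups or None).
    cases = [("10.10.10.25", None), ("10.10.100.5", None),
             ("203.0.113.7", None), ("203.0.113.7", {"staff"}),
             ("203.0.113.7", {"icadmin"})]
    for ip, groups in cases:
        print(ip, groups,
              "any:", access_granted(ip, groups, "any"),
              "all:", access_granted(ip, groups, "all"))
```

With "Satisfy Any" the office range is a password bypass, so anything that can originate traffic from 10.10.10.x reaches the admin pages unauthenticated; "Satisfy All" would instead require both the address and the group login.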