Admin module URL

GSTAR · November 24, 2010, 5:33pm

I have a module called ‘admin’ in my application, which is accessible at /mysite/admin. Something that has just made me wonder, to improve the site security I should really change this URL to something more difficult for someone to guess, such as any random word that only the site admin will know.

I had a play with the urlRules but could not get the desired result, for example:

‘admin-panel’=>‘admin/default/index’,

‘admin-panel/login’=>‘admin/default/login’,

But this will only work for those two URLs. If a user did /mysite/admin/user they would be redirected to the login page.

So the only thing I can think of now is to rename the actual module. I don’t think the module name is referenced a lot throughout the app so that shouldn’t be too difficult to do. Or does anyone have any other suggestions?

zaccaria · November 25, 2010, 8:05am

The path mysite/admin will work anway.

I think that for better security is enough to force admin to have login more complex than admin/admin, rather than changing the url.

jacmoe · November 25, 2010, 8:16am

I agree whole heartedly.

Use security measures instead.

RBAC and htaccess and whatever it takes.

Just because it’s obvious that your_site/admin would take you to your sites admin module, doesn’t mean that it can be properly secured.

Don’t waste your energy on something which can be solved in much better ways…

IMO.

GSTAR · November 25, 2010, 1:48pm

Yeah that’s why I was thinking of renaming the admin module, to something that would be difficult for someone to guess. I think if somebody was interested in accessing the backend of the site, one of the first url’s they would try would be mysite/admin

I know that I can enhance the security of the login, or use htaccess but it’s just the thing about not letting users KNOW where the admin section is!

GSTAR · November 30, 2010, 4:18pm

Anybody got any more suggestions on this?