Hi there,
this is maybe not a real php code question, but... I have coded an online shop with an admin area.
The shop itself is secured, but the admin area is not at all. It is just in some other folder.
-> is it likely that hackers will find the folder if I put it to some location like lnfduj38834kdbuHFGH/dkfk6/admin.php ?? The folders are usually not viewable because each folder has an index.html file (is that a real security? Does it prevent ppl from browsing the folders??)
The admin area not only controls the shop functions, but also can reveal sensitive customer information.
Any way to simply keep out all ppl instead of fixing every single problem individually?
Thanks for the help!
hidden admin area
As soon as an admin surfs to a different site, there is a chance his browser will pass a HTTP_REFERRER header.
The simplest/fastest/laziest solution would be to use http://www.apacheweek.com/features/userauth.
- Ambush Commander
- RobertGonzalez
Strong passwords, super-picky authentication and login name validation, short-term sessions and limited secure data viewing are a decent place to start. I have developed admin areas that require upward of eight different validation steps before ever checking the database for an account. I have also developed areas that do not show critical information fully so that even if someone managed to get into the admin area they would only be able to get their hands on partial information.
Of course these are all script-side prevention measures. There are so many other ways that hackers could break in it is sick. But you at least want to make it difficult for them to get in through the front door.
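
The points raised in the thread (Apache user authentication for the whole admin folder, directory browsing, and the referrer leak) can be combined in one `.htaccess` file placed in the admin folder. This is an added example, not part of any post above; the file path, realm name and user name are placeholders, and it assumes the server allows these overrides (`AllowOverride AuthConfig Options FileInfo`).

```apache
# .htaccess in the admin folder (constructed example; adjust paths to your host)

# Require a login for everything in this folder, whatever its name is.
# Create the password file once, outside the web root, with:
#   htpasswd -c /home/shopuser/private/.htpasswd shopadmin
AuthType Basic
AuthName "Shop admin"
AuthUserFile /home/shopuser/private/.htpasswd
Require valid-user

# Basic auth sends the password with every request, so refuse plain HTTP
# (mod_ssl directive; assumes the site already has HTTPS set up).
SSLRequireSSL

# Disable auto-generated directory listings at the server level instead of
# relying on an index.html file in each folder.
Options -Indexes

# Ask browsers not to send the admin URL as a referrer when the admin
# follows a link to another site (needs mod_headers).
<IfModule mod_headers.c>
    Header set Referrer-Policy "no-referrer"
</IfModule>
```

With this in place the obscure folder name no longer carries the protection: a request without valid credentials gets a 401 before any PHP in the folder runs.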