Change the default Composite C1 admin url for security - best practice
Since C1 has a standard admin path ~ / Composite / top.aspx this is a simple vector for an attacker to focus efforts.
Is there a way to redo a better way - either by changing the name of the top.aspx file or the folder, without breaking the code and not reporting the license agreement?
This might seem like a good idea for all installations.
+3
source to share
1 answer
This might seem like a good idea for all installations.
Not really. You are offering security through obscurity , not the best approach.
I would prefer that / Composite Backend Login be available only for certain IP addresses (i.e. the IP address of the site administrator and any editors), or configure additional HTTP password authentication on the web server for this area.
+2
source to share