Safe name for the site admin area URL?

The question is mainly for web developers.

When you develop web applications and add an admin area to them, what do you call it? Leaving it as "admin" is a bit out of fashion and unsafe.

A mind using any other nouns, verbs, adjectives, or whatever that contains the name of any website you know / can think of.

+1




9 replies


If you have real security protecting the admin area, it doesn't matter what you call it. Security through obscurity is a bad idea.



+15




Obscurity protection is false protection.



I call mine /HackTheSiteHere.

+4




Sometimes I use things like /controlpanel/ or similar, and sometimes /admin/ or /_admin/. It doesn't hurt to use something hard to guess, but your security should in no way rely on that.

A little security from the unknown can at least stop a few attacks, but it doesn't take long for an attacker's midfielder to figure out where he is, let alone a disgruntled former employee, etc. Best of all, this will only stop the attackers, which shouldn't be the problem in the first place.

+1




I won't use /admin/ because it's too obvious, but I really don't understand why it matters what you call it.

The only thing I do is make sure that he can change this URL at any time, just by changing one config variable.

I would prefer people not to know what I am using because it is much more difficult to access the backend zone when you don't even know where it is :)

0




I like to use "super"

0




I call my Administrator as I usually collect folders for different user roles in the application. I realize this isn't all that confusing, but the folder (and the code behind the pages, for that matter) is properly locked, so anonymous users or those without proper authorization can't view them.

0




I am sticking with admin. Why is it unsafe? I authenticate the user anyway.

0




I am attaching admin pages in the same directory as regular custom pages. If they guess the URLs, then what? They just get an Access Denied message and waste their time because they open the source anyway.

0




I prefer not to maintain a separate admin area in addition to the main site. I prefer to display the different options and actions available depending on the role/level and ACL of the logged-in user.

And yes, security through obscurity is a bad idea!

0
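The point several replies make (the admin path can live in one config variable, but access must be decided by authentication and role) can be shown in a few lines. This is an added example, not code from any poster in the thread; `ADMIN_PREFIX`, `SESSIONS`, `Response` and `handle` are hypothetical names and the session data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Single config value for the admin path; renaming it does not change the checks below.
ADMIN_PREFIX = "/controlpanel"

# Constructed sample session store: token -> (user, role)
SESSIONS = {
    "tok-alice": ("alice", "admin"),
    "tok-bob": ("bob", "member"),
}


@dataclass
class Response:
    status: int
    body: str


def is_admin_path(path: str, admin_prefix: str) -> bool:
    # Match on a path-segment boundary so "/controlpanelx" is not treated as admin.
    return path == admin_prefix or path.startswith(admin_prefix + "/")


def handle(path: str, token: Optional[str],
           admin_prefix: str = ADMIN_PREFIX) -> Response:
    """Route a request. Admin paths are gated by session and role,
    never by how hard the path is to guess."""
    if not is_admin_path(path, admin_prefix):
        return Response(200, "public page")
    session = SESSIONS.get(token) if token else None
    if session is None:
        # Unknown or missing token: the caller is not authenticated.
        return Response(401, "login required")
    user, role = session
    if role != "admin":
        # Authenticated but not authorized: knowing the URL gains nothing.
        return Response(403, "access denied")
    return Response(200, f"admin dashboard for {user}")


if __name__ == "__main__":
    for prefix in ("/admin", "/controlpanel"):
        for tok in (None, "tok-bob", "tok-alice"):
            r = handle(prefix + "/users", tok, admin_prefix=prefix)
            print(prefix, tok, r.status, r.body)
```

Whichever prefix is configured, the outcome for each caller is the same: 401 without a session, 403 for a non-admin, 200 only for an admin.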








