Gossamer Forum
Home : Products : Gossamer Links : Discussions :

[Security suggestion] Check your admin passwords

Quote Reply
[Security suggestion] Check your admin passwords
This is a reply to the following Announcement post of Alex:
Check your admin passwords


Alex,

I posted several times, that there is a serious need to be able to rename the default admin.cgi script name and the admin directory name.
This can be a secondary security protection against the hacker bots, which are looking for LinksSQL installations, and try to locate and do dictionary and security hole attacks against the admin.cgi.
As I remember, the admin/admin.cgi path currently is hardcoded into scripts and templates. This should be changed to be variable based, so the site owner would be allowed to rename admin directory & script name.

For example would be possible to hide the admin interface from prying eyes like this:
/adm843/639admin.cgi
or
/sec_admin_kjhl/secure_admin_lkwjf.cgi
or
/admindir/admin8364.cgi
etc...

This kind of solutions could highly increase admin interface security.
Could be even more comfortable, if on the admin Setup page there would be a tool, which could rename the admin directory, rename admin.cgi upon fillin a small form, and do changes in the config.
Also in the LSQL installer could be an option to change admin directory name, and admin.cgi name (userful for new users, new installations).


Alex, if you are worrying about security of LSQL admin interfaces, then please put this feature to the first place of your TODO list!!!

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
Subject Author Views Date
Thread [Security suggestion] Check your admin passwords webmaster33 7619 Aug 6, 2005, 6:56 AM
Thread Re: [webmaster33] [Security suggestion] Check your admin passwords
modifier 7472 Aug 25, 2005, 12:55 PM
Thread Re: [modifier] [Security suggestion] Check your admin passwords
modifier 7503 Aug 25, 2005, 1:00 PM
Thread Re: [modifier] [Security suggestion] Check your admin passwords
Soft 7386 Aug 30, 2005, 10:20 AM
Thread Re: [Soft] [Security suggestion] Check your admin passwords
modifier 7373 Aug 30, 2005, 12:06 PM
Thread Re: [modifier] [Security suggestion] Check your admin passwords
The-o 7338 Aug 30, 2005, 11:31 PM
Thread Re: [The-o] [Security suggestion] Check your admin passwords
modifier 7375 Aug 31, 2005, 1:26 AM
Thread Re: [modifier] [Security suggestion] Check your admin passwords
The-o 7320 Aug 31, 2005, 7:33 AM
Thread Re: [The-o] [Security suggestion] Check your admin passwords
modifier 7326 Aug 31, 2005, 10:39 AM
Thread Re: [modifier] [Security suggestion] Check your admin passwords
cuppa 7274 Sep 2, 2005, 4:57 PM
Post Re: [cuppa] [Security suggestion] Check your admin passwords
rascal 7260 Sep 2, 2005, 11:39 PM
Post Re: [modifier] [Security suggestion] Check your admin passwords
Soft 7376 Aug 30, 2005, 10:18 AM