Since I published my website address in my signature, I sometimes get possible hacking attempts to find GT applications on my site, especially the admin.cgi file. Interesting, eh?
Once the admin.cgi can be safely renamed, this hacking danger goes away. Thanks to this, I was able to avoid hacking attempts until now.
However, in GCommunity, the admin login interface is not separated from the user login interface. A hacker just goes to community.cgi and can start hacking.
It is a good point that the admin username can be changed to anything you want.
I know, I already suggested the user & admin login interface separation. Now I just wanted to mention these facts above, and my final thoughts below...
IMO, an admin login needs the following features:
1) ability to login admin through a different place, like user login, e.g. admin.cgi
2) ability for user to rename admin.cgi, to even stop hacking attempts at the beginning (by default, admin.cgi is fine)
3) admin username should be changeable (yes, this is available already)
4) ability to set secure SSL URL for admin.cgi in community.conf, like this:
$admin_cgi_name = "admin.cgi";
'secure_admin_cgi_url' => 'https://www.site.com/cgi-bin/gcomm/<%admin_cgi_name%>'
5) additionally, allowing the user on the login page to choose whether he/she wants to log in through secure SSL or a normal connection would be a very good point (the solution, how the login was solved on www.sourceforge.net, is a reference (at least for me), which shows how to do something in a good way, and GCommunity - not necessarily - but may follow this example.)
Best regards,
Webmaster33
Paid Support from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
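Added example, not part of the original post and not Gossamer Threads code: once admin.cgi has been renamed, requests for the default name return 404, so the probing described above can be counted per client from the web server access log. The Apache combined log format, the name list, the threshold and the sample lines (documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Default script names to watch for. admin.cgi is the name from the post;
# extend the set for other applications (assumption, not a vendor list).
DEFAULT_NAMES = {"admin.cgi"}

# Apache/NCSA log prefix: host ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def probes_by_host(lines, names=DEFAULT_NAMES, threshold=3):
    """Return {host: sorted distinct paths} for clients that requested a
    default admin script name that no longer exists (HTTP 404) at least
    `threshold` times."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # unparsable line, or the request hit a real resource
        path = m["path"].split("?", 1)[0]          # drop the query string
        if path.rsplit("/", 1)[-1].lower() in names:
            hits[m["host"]].append(path)
    return {h: sorted(set(p)) for h, p in hits.items() if len(p) >= threshold}

# Constructed sample log lines.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Sep/2004:10:00:01 +0000] "GET /cgi-bin/admin.cgi HTTP/1.0" 404 210',
    '192.0.2.10 - - [26/Sep/2004:10:00:02 +0000] "GET /cgi-bin/gcomm/admin.cgi HTTP/1.0" 404 210',
    '192.0.2.10 - - [26/Sep/2004:10:00:03 +0000] "GET /links/admin/admin.cgi?do=login HTTP/1.0" 404 210',
    '198.51.100.7 - - [26/Sep/2004:10:05:00 +0000] "GET /cgi-bin/gcomm/community.cgi HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Sep/2004:10:06:00 +0000] "GET /cgi-bin/admin.cgi HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for host, paths in probes_by_host(SAMPLE_LOG).items():
        print(host, "probed:", ", ".join(paths))
```

A single 404 on the old name, as from the second client in the sample, stays below the threshold, so a stale bookmark is not reported as a scan.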