I notice that the login of the admin in Gossamer Community is on the same page as the user login. It is very risky and not protected. Is there an option to change it?
Aug 8, 2005, 4:46 PM
Veteran (2312 posts)
Post #2 of 4
Views: 2438
Yes, it is IMHO risky. Very risky.
Since the login of the admin in Gossamer Community is on the same page as the user login, my opinion is that it may be a target of hacker attacks. I noted this several times to Alex & GT staff, but I don't see any intention to change this behaviour.
Alex made some LSQL security-related notes in his last announcement: Check your admin passwords.
I also replied to these warnings in another thread:
[Security suggestion] Check your admin passwords
Fortunately, in GCommunity there are some options which make the task of hackers more difficult...
You can change the username of the admin, and also you can restrict admin login from some specific IPs.
Having the hacker guess not just the password, but also the admin username, is much, much more difficult. Also, the ability to limit the admin ability to some IPs gives more security.
However, I still feel uncomfortable having my admin login form exposed to the public, allowing the possibility for anybody to try to hack into the admin interface.... Brrrr.
IMHO, the admin interface path should always be unique (different for each application install). This gives additional security for the site owner, and makes it possible for him/her to avoid hacker tools finding the installation (as a potential attack target).
Best regards,
Webmaster33
Aug 9, 2005, 11:43 AM
Veteran (2312 posts)
Post #4 of 4
Views: 2425
Go to Setup/Password menu.
Best regards,
Webmaster33