Gossamer Forum
Home : Products : Others : Gossamer Community :

security issue

Quote Reply
security issue
I notice that the login of the admin in Gossamer Community is in the same page as the user login. It is very risk and not protect. Is there an option to change it?

Quote Reply
Re: [nir] security issue In reply to
Yes, it is IMHO risky. Very risky.

Since the login of the admin in Gossamer Community is on the same page as the user login, my opinion is that it may be target of hacker attacks. I noted this several times to Alex & GT staff, but I don't see any intention to change this behaviour. Shocked


Alex made some LSQL security related notes in his last announcement: Check your admin passwords.

I also replied to these warnings in another thread:
[Security suggestion] Check your admin passwords


Fortunately in GCommunity there are some options which makes the task of hackers difficulter...
You can change the username of the admin, and also you can restrict admin login from some specific IPs.
Having the hacker guess not just the password, but also the admin username, is much-much difficulter. Also the ability to limit the admin ability to some IPs, also gives more security.

However I still feel uncomfortable to have my admin login form disposed to the public, allowing the possibility for anybody to try to hack into the admin interface.... Brrrr.


IMHO, the admin interface path should be always unique (different for each application install). This gives additional security for the site owner, and makes possible for him/her to avoid hacker tools finding the installation (as a potential attack target).

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
Quote Reply
Re: [nir] security issue In reply to
there is another issue which is quite risky and I do not know how to change it:

I wanted to change my "admin-username" within G-Community from "admin" to something different.
But I did not see any possibility to do this.


Please help.


Erich
Quote Reply
Re: [erichcyber] security issue In reply to
Go to Setup/Password menu.

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...

Last edited by:

webmaster33: Aug 9, 2005, 11:51 AM