[英]Admin section for website - security?
Designing a user content website and the question is for the admin section, from a security point of view, where should it be placed? 从安全的角度来看,设计一个用户内容网站,问题是管理员部分,应该放在哪里?
goal is prevent anyone from knowing about the admin section and to keep it locked as much as possible. 目标是防止任何人了解admin部分,并使其尽可能保持锁定状态。
Thanks 谢谢
Actually I work on a system that uses a separate subdomain, and there's a whole another ASP.NET project dedicated for the Admin section of the parent domain. 实际上,我在一个使用单独的子域的系统上工作,并且还有一个专门用于父域的Admin部分的整个ASP.NET项目。
This has many advantages for us. 这对我们有很多好处。 Some of them are:
他们之中有一些是:
Well, as a basic rule, I'd say it doesn't really matter. 好吧,作为一个基本规则,我会说这并不重要。 Your login form needs to be secure, whether it's exposed or not.
您的登录表单必须安全,无论是否公开。
However, I understand the desire to keep the admin area hidden in any case. 但是,我了解在任何情况下都希望隐藏管理区域的愿望。 I personally like this variant the best:
我个人最喜欢此变体:
same domain and allow admin to enter site like other users from signin form using admin email
同一域,并允许管理员使用管理员电子邮件从登录表单中像其他用户一样进入网站
because it doesn't leave any traces on the client computer that are easily detectable (like "admin.example.com" or "example.com/super-secret-admin-area"). 因为它不会在客户端计算机上留下任何易于检测的痕迹(例如“ admin.example.com”或“ example.com/super-secret-admin-area”)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.