Designing a user content website and the question is for the admin section, from a security point of view, where should it be placed?
goal is prevent anyone from knowing about the admin section and to keep it locked as much as possible.
Thanks
Actually I work on a system that uses a separate subdomain, and there's a whole another ASP.NET project dedicated for the Admin section of the parent domain.
This has many advantages for us. Some of them are:
Well, as a basic rule, I'd say it doesn't really matter. Your login form needs to be secure, whether it's exposed or not.
However, I understand the desire to keep the admin area hidden in any case. I personally like this variant the best:
same domain and allow admin to enter site like other users from signin form using admin email
because it doesn't leave any traces on the client computer that are easily detectable (like "admin.example.com" or "example.com/super-secret-admin-area").
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.