4571 Posts in 1384 Topics by 1376 members
|Go to End|
16 January 2010 at 1:16pm
I don't have a solution, I think it's hardcoded in Sapphire that the administration of the cms maps to an url like http://yoursite/admin/ .
So i think you will have to do a lot of "core-hacking" to do this with SilverStripe.
As an example here is a snippet from sapphire/core/control/ContentController.php , line 226:
$cmsLink = 'admin/show/' . $this->dataRecord->ID;
16 January 2010 at 4:06pm Last edited: 16 January 2010 4:10pm
you might want to try Director::addRules() to map "myself" to "admin". to prevent access to "admin" try adding a rule to your .htaccess.
but imo that gives you a false sense of security. the hacker that is smart enough to hack your password protection is surely smart enough to find your custom login form. silverstripe is very secure. if you have serious concerns, post a description of the exploit to email@example.com.
21 September 2010 at 2:12am
yes, but this presumes an attacker is trying to attack your specific site rather than some script kiddie hitting random '/admin' pages and trying common passwords. although 'security by obscurity' is supposed to provide a false sense of security it is a good deterrent against being hit by a script kiddie. best to remove the low-hanging fruit. by looking at the logs of any site you'll see '/admin' and 'phpmysql' being hit constantly.
with that said, I'm also looking to change my admin URL myself (hence finding this thread), does anybody have a functioning example of this? I don't see how an htaccess redirect wouldn't interfere with anything established by director:addrules - but I'm also not very familiar with director...
27 September 2010 at 4:09am
|Go to Top|