I need ways to securize my own php administration panel. I read here about some:
- A simple authentication using apache2.conf
- Using ssl to send encrypted passwords
- Host the tools on a completely seperate domain
- A proper robots.txt should also be used
- Using chmod 777 when i want to use and do a chmod 000 when i finish
But eachone has problems.
If i want to do it with apache2.conf, i must use ssl too. Only with this is it secured?
If i upload the tools in other domain and use robots.txt to “hide” them, could someone find them?
Using chmod is like “non-professional“
What do you use to secure your administration panel?
Sort of. If you don’t use ssl, passwords are sent over the net unencrypted if someone is listening in on your communication, they will know the password. That being said, it is usually impossible for someone to listen to your communication with the server unless one of the participating parties has already been compromised or you are communicating through an unsafe medium like unencrypted public wlan.
Yes, if they guess the URL. robots.txt just hides you from search engines, but it does not work for protecting your admin panel from unwanted access.
And unsafe. It means that whenever you are working on the admin panel, everyone else also can. Don’t do this.
Access control with Apache (either through the global config or an .htaccess file) with SSL. It may be a bit painful to set up at first, but for the given problem, it really is the only choice that makes any sense.