[ic] Moving the admin interface to a different url

John1 list_subscriber at yahoo.co.uk
Sat Nov 17 19:22:48 EST 2007


On Saturday, November 17, 2007 10:14 PM Jon Jensen wrote:

> It's surprisingly hard to keep a URL secret these days. You can leak a
> "private" URL to the world by many methods:
>
> 1. Follow an offsite link, and the referrer ends up in the next site's
> logs, often visible to the world in traffic reports or to Google via
> Google Analytics, etc.
>
I understand what you mean by "offsite link", but nevertheless I don't 
believe there should be any situation where our admin URL would appear as 
referrer, offsite link or not.

> 2. Browser plugins may leak history information to other sites.
>
True, though I'd like to think that no reputable plugins should or would. 
Needless to say I ensure that Google Toolbar is not installed on any of our 
PCs  :-).  Even so, whilst I appreciate Google Toolbar "leaks" information 
to Google I would still be a little surprised if this went so far as 
"secret", orphaned URLs finding their way into Google's search engine by 
this means.  I am sure there are conspiracy theories out there that suggest 
this is exactly what happens, and maybe they are true, but I'd like to think 
it's not quite that bad :-)

> 3. Spyware may leak URLs to Bad Guys or to some search engine-indexed
> page.
>
Very true.  Hopefully I don't have any of that :-o :-)

> 4. If you email the URL to a co-worker or whoever, their email
> provider may snoop on their data (perhaps automatically, as Google
> does in Gmail for targeted advertising), or #1, #2, or #3 above may
> apply on the recipient's computer.
>
True.  But again, whilst I accept the "secret" url could be leaked this way, 
I would still like to think that it wouldn't make its way as far as someone 
else's web log as the referring url, or as part of a Google analytics trail 
on someone else's website, or more importantly into Google's search engine 
database.

>
> Obscurity isn't security, but it's not worthless, either.
>
I agree, absolutely.  And I suppose what I am saying is that if used with 
care an obscure URL is far more worthy than worthless.  I can't help but 
feel that one is almost inviting script kiddies and malicious folk to have a 
pop at a dictionary crack if your admin page sits at an obvious URL.  And 
it's the denial of service implications of that which concern me more than 
the unlikely chance they will succeed in gaining entry.

Conversely, it just doesn't seem to make sense to me to use a standard 
location for an admin page when a non-standard location could be used just 
as well.  To change its location just seems a sensible thing to do to me, 
which is why I think it is a shame the UI_ADMIN (or whatever it was called) 
has disappeared.

If it wouldn't be that difficult to replace any hardcoded references to 
/admin then, as you can see :-), I think it would be worthwhile 
reintroducing the UI_ADMIN variable.  Do you not agree? :-)

Anyway, thanks for your reply and the heads up on potential sources for url 
leaks. 
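The two concerns raised in the thread, dictionary attempts and probes against an obvious /admin path, and the admin URL travelling in a Referer header, can both be spotted in ordinary access logs. The script below is an added example, not Interchange code or anything from the list; the combined-format log lines and the relocated admin path /x9k2 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Nov/2007:19:20:01 -0500] "POST /admin/login.html HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Nov/2007:19:20:02 -0500] "POST /admin/login.html HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Nov/2007:19:20:03 -0500] "POST /admin/login.html HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Nov/2007:19:20:04 -0500] "POST /admin/login.html HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Nov/2007:19:21:10 -0500] "GET /admin HTTP/1.1" 404 231 "-" "curl/7.16"
192.0.2.20 - - [17/Nov/2007:19:22:48 -0500] "POST /x9k2/login.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.20 - - [17/Nov/2007:19:22:50 -0500] "GET /x9k2/index.html HTTP/1.1" 200 4096 "https://shop.example/x9k2/login.html" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)


def under_path(path, prefix):
    """True if path is prefix itself or lies below it."""
    return path == prefix or path.startswith(prefix + "/")


def analyze(log_text, admin_path, old_path="/admin", threshold=3):
    """Summarise admin-related activity from combined-format log text.

    admin_path: the relocated admin location (assumed here to be /x9k2).
    old_path:   the obvious default location that scanners still try.
    threshold:  failed POSTs per IP at which an IP is reported.
    """
    failures = Counter()   # failed logins per IP on either admin path
    probes = Counter()     # any request to the old, obvious path per IP
    referer_carried = 0    # requests whose Referer exposes the admin URL
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, path, status = m["ip"], m["path"], int(m["status"])
        if under_path(path, old_path):
            probes[ip] += 1
        on_admin = under_path(path, admin_path) or under_path(path, old_path)
        if on_admin and m["method"] == "POST" and status in (401, 403):
            failures[ip] += 1
        # The same header would land in an offsite log if the link were external.
        if admin_path in m["referer"]:
            referer_carried += 1
    flagged = {ip: n for ip, n in failures.items() if n >= threshold}
    return {"dictionary_attempts": flagged, "old_path_probes": dict(probes),
            "referer_carried": referer_carried}
```

Run it over a real log with your own admin path to see how often the default /admin is still being hit even after relocation.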
