KT Walrus Posted August 28, 2009 Posted August 28, 2009 Maybe I missed it, but I'd like to have a separate password for the Admin CP from the forum password for the admin account. I know I could probably just create a separate account for accessing the Admin CP, but it is more convenient to admin both the board and the Admin CP from the same account. Since you have to log into the Admin CP from a special login page, it makes sense to me that the Admin CP password be completely separate from the board password.
mld11 Posted August 28, 2009 Posted August 28, 2009 So, you wish to have a different primary login? Just use .htaccess. I could never get it to work on a linux dedicated server, but I know they work with cPanels, etc.
KT Walrus Posted August 28, 2009 Author Posted August 28, 2009 [quote name='Dark Slipstream' date='28 August 2009 - 01:02 PM' timestamp='1251478931' post='1849865'] So, you wish to have a different primary login? Just use .htaccess. I could never get it to work on a linux dedicated server, but I know they work with cPanels, etc. Not really. I just want my Admin CP password to be different than my board password. That's all. I already protect my admin cp using the webserver. I suppose I could add HTTP authentication for the webserver, but it would be simpler to just store the admin cp passwords separately and let me change this password independently of my board password.
AndyF Posted August 28, 2009 Posted August 28, 2009 I've thought about something slightly along those lines, there are a couple of small modifications about that add another password input to the actual ACP login (so you need your usual password and another separate one too) Although if a hacker got control of the filesystem, this is moot really.
bfarber Posted August 28, 2009 Posted August 28, 2009 I don't really see any advantage to this myself. Further, it would probably annoy the majority of users, or they would set the password the same.
Ryan H. Posted August 28, 2009 Posted August 28, 2009 An .htaccess password would be easier and more effective in keeping out unwanted people than giving a second, separate ACP password.
AtariAge Posted August 28, 2009 Posted August 28, 2009 [quote name='No1 1000' date='28 August 2009 - 02:31 PM' timestamp='1251487866' post='1849919'] An .htaccess password would be easier and more effective in keeping out unwanted people than giving a second, separate ACP password. That as well as renaming your admin directory and restricting it to valid IP addresses through the .htaccess. ..Al
Ryan H. Posted August 28, 2009 Posted August 28, 2009 [quote name='AtariAge' date='28 August 2009 - 03:49 PM' timestamp='1251488960' post='1849929'] That as well as renaming your admin directory and restricting it to valid IP addresses through the .htaccess. ..Al Personally, that seems rather excessive, especially with the existence of dynamic IPs. If someone manages to get through the htaccess protection, you've got bigger problems to deal with. Is it still possible to rename the directory in 3.0?
Mark H. Posted August 28, 2009 Posted August 28, 2009 [quote name='No1 1000' date='28 August 2009 - 02:53 PM' timestamp='1251489191' post='1849931'] Personally, that seems rather excessive, especially with the existence of dynamic IPs. If someone manages to get through the htaccess protection, you've got bigger problems to deal with. Is it still possible to rename the directory in 3.0? Yes, it is. And much the same way as before. Also, by adding htaccess protection (with a strong password) to the directory, I can't see how much more secure it would be to add yet another password to the mix.
AtariAge Posted August 28, 2009 Posted August 28, 2009 [quote name='No1 1000' date='28 August 2009 - 02:53 PM' timestamp='1251489191' post='1849931'] Personally, that seems rather excessive, especially with the existence of dynamic IPs. If someone manages to get through the htaccess protection, you've got bigger problems to deal with. Is it still possible to rename the directory in 3.0? I don't have an additional password on my admin directory, but I do have it restricted to the IP addresses I use. Why is that excessive? Yes, you can easily rename the directory. ..Al
Mark Posted August 28, 2009 Posted August 28, 2009 [quote name='AtariAge' date='28 August 2009 - 08:49 PM' timestamp='1251488960' post='1849929'] That as well as renaming your admin directory and restricting it to valid IP addresses through the .htaccess. ..Al That makes the support techs angry :P
AtariAge Posted August 28, 2009 Posted August 28, 2009 [quote name='Mark' date='28 August 2009 - 04:38 PM' timestamp='1251495529' post='1849974'] That makes the support techs angry :P Yeah, it can be a pain. :) ..Al
Recommended Posts
Archived
This topic is now archived and is closed to further replies.