views:

171

answers:

7

For the sake of simplicity I want to use admin links like this for a site:

http://sitename.com/somegibberish.php?othergibberish=...

So the actual URL and the parameter would be some completely random string which only I would know.

I know security through obscurity is generally a bad idea, but is it a realistic threat someone can find out the URL? Don't take the employees of the hosting company and eavesdroppers on the line into account, because it is a toy site, not something important and the hosting company doesn't give me secure FTP anyway, so I'm only concerned about normal visitors.

Is there a way of someone finding this URL? It wouldn't be anywhere on the web, so Google won't now it about either. I hope, at least. :)

Any other hole in my scheme which I don't see?

A: 

It could appear on the web via a "Referer leak". Say your page links to my page at http://entrian.com/, and I publish my web server referer logs on the web. There'll be an entry saying that http://entrian.com/ was accessed from http://sitename.com/somegibberish.php?othergibberish=...

RichieHindle
I won't link to any other site from the admin link, so it's no problem.
+12  A: 

Well, if you could guarantee only you would ever know it, it would work. Unfortunately, even ignoring malicious men in the middle, there are many ways it can leak out...

  1. It will appear in the access logs of your provider, which might end up on Google (and are certainly read by the hosting admins)
  2. It's in your browsing history. Plugins, extensions etc have access to this, and often use upload it elsewhere (i.e. StumbleUpon).
  3. Any proxy servers along the line see it clearly
  4. It could turn up as a Referer to another site
Adam Wright
+1 the fourth item is probably the one that's most likely to cause problems.
Joey
@Johannes Rössel: yet it's the one that the developer can influence the most by not rendering any external links on that page.
Joachim Sauer
RE #1: If your ISP is trying to hack into your system, they surely have many ways they can easilyi do that. It's like: If your bodyguard is part of the conspiracy to kill you, you're in deep deep trouble.
Jay
RE #2: If there's a browser plug-in on my desktop that's uploading my browsing history, I would think that's a major security problem of itself, or at least a privacy issue. I'd be interested in knowing about any plug-ins et al that do this.
Jay
+1  A: 

As long as the "login-URL" never posted anywhere, there shouldn't be any way for search engines to find it. And if it's just a small, personal toy-site with no personal or really important content, I see this as a fast and decent-working solution regarding security compared to implementing some form of proper login/authorization system.

If the site is getting a big number of users and lots of content, or simply becomes more than a "toy site", I'd advice you to do it the proper way

Arve Systad
+4  A: 

some completely random string which only I would know.

Sounds like a password to me. :-)

If you're going to have to remember a secret string I would suggest doing usernames and passwords "properly" as HTTP servers will have been written to not leak password information; the same is not true of URLs.

This may only be a toy site but why not practice setting up security properly as it won't matter if you get it wrong. So hopefully, if you do have a site which you need to secure in future you'll have already made all your mistakes.

Dave Webb
A: 

I don't know what your toy admin page would display, but keep in mind that when loading external images or linking to somewhere else, your referrer is going to publicize your URL.

innaM
+1  A: 

I know security through obscurity is generally a very bad idea,

Fixed it for you.

The danger here is that you might get in the habit of "oh, it worked for Toy such-and-such site, so I won't bother implementing real security on this other site."

You would do a disservice to yourself (and any clients/users of your system) if you ignore Kerckhoff's Principle.

That being said, rolling your own security system is a bad idea. Smarter people have already created security libraries in the other major languages, and even smarter people have reviewed and tweaked those libraries. Use them.

BryanH
Well, passwords are "security through obscurity": they're only secure as long as no one else knows them.I think the key difference between a password and a "secret URL" is that the URL could show up in various logs, as others have noted.That said, it's not that much tough to set up Basic Authentication. If Tom doesn't know how to do that, he's probably all around better off learning it than doing a "maybe it will work".
Jay
Security through obscurity arguably has an advantage over passwords, etc: A sufficiently skilled hacker can break into very secure sites. But if no one knows the URL exists, they're not going to try to hack it. Like, if I had a million dollars in gold that I wanted to protect from theft, a secure safe would be a good idea, but a skilled thief could probably break into it. But if no one knows I have the pile of gold, then they won't even come looking for it.
Jay
A: 

If you change http into https, then at least the url will not be visible to anyone sniffing on the network.

Johan