A question mainly for web developers.
When you develop web applications and add an admin area to it, how do you name it? Leaving it 'admin' is a bit out of fashion and insecure.
Mind sharing any other nouns, verbs, adjectives or whatnot, that holds the title of any websites you know/can think of.
I won't use /admin/ because it is too obvious, but I don't really see why it matter what you call it.
The one thing I do though is make sure it can change that url anytime just by changing one config variable.
I'd rather not have people know what I use, because it's a lot harder to gain access to a backend area when you don't even know where it is :)
I call mine Administrator, as I typically map up folders to the various user roles within the application. I realize that isn't obscure, but the folder (and code behind pages for that matter) are properly locked down so anonymous users or those without proper authorization cannot view them.
If you have real security protecting the admin area, it should not matter what you call it. Security through obscurity is a bad idea.
Sometimes I use things like /controlpanel/ or similar, and sometimes /admin/ or /_admin/, it doesn't hurt to use something hard to guess, but your security should not in any way rely on that.
A little bit of security by obscurity can at least stop a few attacks, but it doesn't take long for a half way competant attacker to find out where it is, not to mention the disgruntled ex-employee factor etc. At best it will only stop the attackers that shouldn't be a problem in the first place.
I stick the admin pages in the same directory as the normal user pages. If they guess the URLs, so what? They just get an Access Denied message and waste their time since it's open source anyway.
Security by Obscurity is false security.
I call mine /HackTheSiteHere.
By our company standarts for more important projects we use some random symbols sequences. 6-8 symbols length. Sometimes also I like to leave admin folder with fake login form. I'm using it to spy malicious users and collect information what they are tryng to do :-)
I prefer not to maintain a separate admin area in addition to the main site at all. I rather display different options and actions available depending on the role/level and ACLs of the logged in user.
And yes, security through obscurity is a bad idea!