tags:

views:

88

answers:

7
+6  Q: 

What is the most secure way to setup an admin area in PHP?

Recently I have been contemplating the most secure way to setup an admin area on a website. The two options that I was toying with are,

  • Create the admin area as part of the main site, require them to register first using their email address as their username, and set them up with an admin level.
  • Create a completely separate admin area from the website in which users would not have to register with, but instead would be setup by another admin.

I realize that if I setup the admin area separate from the site, this would require the user to discover that the admin panel is there before they could even try getting into it. How much security does that add?

However, forcing them to register with an email address on the main site ties their account to an email address which I would think helps security a little bit? But putting the admin area on the main site makes it easier to hack, because all the user would need to do is find one bug in the system right?

I guess I could see positives and negatives for both.

A: 

My rule of thumb is this (mostly):

After login, do administrators do stuff in site's design, or are they in some completely different "design" (like most CMSs's back-end). If they stay in the same design (AND site has possiblity to register for users), it makes sense to only create administrator-level accounts on main site.

If there is no option for users to register, have back-end in something like /admin/ and call it a day.

Also, being "hackable" depends on millions of factors, position of login of administrators IMHO not being one of the... well... important.

Adam Kiss  2010-10-01 13:54:08
+3  A: 

Check out this thread

Thariama  2010-10-01 13:54:56
I am not asking about how to secure it. Im asking which place is better to put it.
Metropolis  2010-10-04 15:45:39
option "completely separate admin area" is more secure
Thariama  2010-10-05 06:45:28
+1  A: 

You can also force them to use the separate admin website with an email adress existing on the main site. In fact, do both; add a flag on their main account that says "ok, this one is an admin". This way you can display an iframe on the mainsite that points to the admin site, and anyone connecting on the admin site would have to have this flag setup

Finally, don't forget single sign on; on connecting to any of the sites, create both cookies so they won't have to authenticate at both places (unless they have to by design)

samy  2010-10-01 13:55:18
A: 

Definetely it is better to keep separate admin part from the main site.

The first reason is what you said: users have to discover where it is first.

Another thing you could do is to grant access to your admin folder, for example using .htaccess, only to some ip addresses.

Parkyprg  2010-10-01 13:58:13
+3  A: 

I realize that if I setup the admin area separate from the site, this would require the user to discover that the admin panel is there before they could even try getting into it. How much security does that add?

This is what you would call "security through obscurity." Generally speaking its only going to stop the less persistent of hackers. For anybody who is that intent on hacking your site, this will only provide a momentary delay in their success.

Obscurity can still be useful when placed on top of an already otherwise-secure system, though. Use it to keep the average end user from seeing things they don't necessarily want or need to see.

Greg W  2010-10-01 14:00:59
A: 

By going for the "must be set up by another admin" option you will increase the chances of secure passwords. Better still, generate strong passwords for admins yourself and don't let them choose their own.

As Greg W pointed out, obscurity isn't worth much but is handy to use on top of an already secure setup. I don't think that separating out the admin area from anything else makes it more or less secure in itself - if you have unsecure code in the admin area you are at risk either way.

For general security advice I would recommend Chris Shiflett's site: http://shiflett.org/articles

Force admins to enter their password before updating any data - don't rely on their existing session credentials. http://stackoverflow.com/questions/328/php-session-security

Steve Claridge  2010-10-01 14:17:24
Yeah I have read his book. I loved it! Got a lot out of it.
Metropolis  2010-10-01 14:56:26
A: 

Using sandboxes.. creating non-visible decoy admin areas pointing nowhere like /admin /manage /administrator will entertain your hacker for a long time.

Also, try keeping the real admin folder out of the public folder (public_html, www).

These practices worked for me.

gustyaquino  2010-10-01 14:26:09

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases