I am using the ION Auth library for Codeigniter. For security purposes, should I change the default URL/Controller from "/auth" to something that's unknown and more difficult to guess?
A:
The "default controller exists purely as an example, you should not assume it is perfect.
That said changing it would be pointless. As soon as you provide a "login" link you would be telling people where it is...
The salts and encryption should be strong enough to keep people out. If you are REALLY worried about security, set up HTTPS.
Phil Sturgeon
2010-10-25 09:34:07
What If I am the only person logging in to my application?
Kory
2010-10-26 05:44:37
Then perhaps, but if you are the only person logging in why not just use HTTP authentication or a single if($this->input->post('password') == 'supersecret')) ?
Phil Sturgeon
2010-10-26 10:47:28
I started out thinking I would have two controllers, one for users in which case it would be public so changing its name would be pointless (as you said), and one for administrators in which myself and 1 or 2 people would have access to. So in the case of the admin controller I wondered if it would be good to change it from admin to something else but I think you've already answered this so thanks.
Kory
2010-10-26 20:00:27
A:
You beat me to this Phil ;)
One other thing to add, I recommend creating routes for better URLs. So I map standard functions like login and logout; for example, auth/login maps to just /login.
Ben Edmunds
2010-10-25 21:58:40