I am very much stucked with an issue... My client is saying that his hosting provider told him that he should move the back end admin panel login from sitename.com/user to sitename.com/somenumer(345345)/admin
I made the website in Drupal... so the back end admin panel login is at sitename.com/user as Drupal does. Admin can log in there and make changes to his website as always. But, his hosting provider(I don't think so... may be some earlier person who used to work for him) told him that Drupal's user login can be hacked on the page sitename.com/user so he wants that to move to sitename.com/somenumber(35634)/admin... so that it becomes secure... :)
Now this is funny and I think that this will look funny to every drupaler... So, I just want you my friends to just fill this forum with whatever you can in next 2-3 days so that I can give a reply to my client and after wards he can copy that to his so called hosting provider...
I can do this by creating a page at so called url... sitename.com/somenumer(3245345)/admin... and placing a user form right there using CCK module... but who cares that will it make drupal more secure(hehhhehhahhehheaheheahea)... I am now fed up with him... as these type of conversations always go on with him(a kiddo)...
I reallly thank you all my friends for this... I just now want to finish the project and have the money we had agreed for this project...
Please please help me... write some good things... whatever you can... so that i can send a copy to my client...
Thanks
Edited by: VeryMisunderstood; Moved from hosting support to general discussion
Comments
=-=
even if you create an admin login at another location, an admin can stil login at the user path.
I don't get why anyone would believe that /user/ is more secure than /someother path/ to login. IMO, its all the same thing and doesn't make drupal any less secure than any other script that requires logins.
If the user (admin) uses a strong password all should be fine.
Thank you friend
This is what I am trying to explain him... and he is not understanding that at all... May be he can understand that but he is not trying to do so.
i think that the guy who
i think that the guy who said that drupal must change the admin login page is understanding the web more than ( yahoo , Nasa , FOX news , playboy.de , france 24 , ubentu ) and more than 1000 famous portals that use drupal and kept the login page as it done by drupal (( please ask him to make a post to explain his opinion ))
second thing the hacker can track and snif all the links in the site and can know the admin login page even if u change it so i think that the guy who said that ( must change the admin login page url ) does not know how hackers work :D
i do not know why he said that :P
Salam mean peace in arabic
mohd nashaat
abu3abdalla@gmail.com
mohdnashaat@msn.com
eng_abu3abdalla@skype
www.tajahdev.com
Thanks Brother!
I think you have explained that issue in much better way... this will really make him think what he is saying... thanks a lot! really thanks a lot!
No Way
there is no way to hack drupal's admin pannel from any url. url never make sense for hacking the system.
security of system is related to coding stranded and drupal's code is very secured .path of user log in box is not related to security any how.
so your client no need to worry about hacking.............
Thanks Brother!
Yes you are 100% right... I really welcome your comment on this forum brother... May be if this forum gets filled fully with comments then I can show my client that what he says is always wrong... and I always try to help him...
Many highly visible sites
Many highly visible sites (e.g. The Onion) display the user login if you append
/userto the base URL. That is sufficient evidence to me that obfuscating the login URL offers no benefits.