Drupal & Ubercart secure admin side? Is this possible?
I have a dilemma/problem. I've built a Drupal & Ubercart site (Drupal 5.x and latest stable of Ubercart) and it's working perfectly. However I now have run into a situation where access to the admin side of the site needs to be accessible (according to a new project spec) only at one IP/location. Admins should not be able to login to the site from any location but only from this one specific IP. However all the regular site customers can still login from any computer and check order status, etc.
Is this possible with one Drupal/Ubercart site? Is there a module that can do this? Or do people suggest building a separate site for admins? But how would this admin site work with the original site db?
Any ideas or suggestions? If it's not possible how do you suggest I go about trying to convince the project directors that the site will be secure and that admins can't mess up the site when they are off-office location? Is there anything to do to prove it's secure? I'm currently meeting PCI compliance and securing the entire site according to Ubercart/Drupal specs.
Help! Any suggestions are most welcome.
Thanks in advance.
-backdrifting
I've not used it, but take a
I've not used them, but take a look at the http://drupal.org/project/restrict_by_ip and http://drupal.org/project/ip_login modules.
===
"Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime." - Lao Tzu
"God helps those who help themselves." - Ben Franklin
"Search is your best friend." - Worldfallz
Thanks ... didn't work though ...
Thanks for the suggestions. I tried both modules. Restrict_by_ip doesn't work. I enter IP addresses but it still allows me to login as that user. So that's no good.
I tried ip_login and that works but the module performance/functionality is odd. I don't want the user to just be logged in automatically at their IP. I definitely want the control.
I'll keep looking around but these 2 modules won't cut it.
-backdrifting
This sounds like a problem
This sounds like a problem best solved by a small custom written module. It should not take more then a few hours to code it up. As someone with a fair understanding of computers, coding, and computer security (My last job was as a computer security consultant for the FBI) I don't think this will actually add any additional security to the system. I do think it will limit your admin's ability to do his job. I don't know any way to convince your PHBs of this position because I think they are making their decisions based on fear and ignorance and they are uninterested in learning, only in protecting their corporate tushy. If I were you, I would hire someone to write it, bill them, and go on with your life.
Peace,
-Andy