Textpattern CMS support forum
Re: What do you do to secure "/textpattern"?
driz wrote:
Hey artagesw, how could you have textpattern at admin.domain.com/ but your site at domain.com/?
My method requires a few changes to the core code, so it is a bit involved. (My mods also allow for multi-site support from a single txp install.) I’m talking with the txp devs about whether it would make sense to incorporate these changes into txp core, which would make it a much simpler process.
Meantime, as others have noted, if your host supports subdomain pointing then that would be the easiest way to go (along with a mod_rewrite or similar rule to block direct access to the /textpattern directory).
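The subdomain-plus-mod_rewrite setup mentioned in the post above, as an added example that is not part of the original post or of Textpattern itself. It assumes Apache with mod_rewrite enabled, `.htaccess` overrides allowed, a subdomain whose document root is the existing `textpattern` directory, and the placeholder hostname `admin.example.com`.

```apache
# .htaccess placed inside the textpattern/ directory (assumed location).
#
# Assumed layout:
#   example.com        -> document root /path/to/site
#   admin.example.com  -> document root /path/to/site/textpattern
#
# Both hostnames reach the same files on disk, so this file is read
# for requests arriving through either one.

RewriteEngine On

# Match any request whose Host header is NOT the admin hostname.
# The optional port covers clients that send "Host: admin.example.com:443".
RewriteCond %{HTTP_HOST} !^admin\.example\.com(:\d+)?$ [NC]

# Refuse it with 403 Forbidden. "^" matches every path in this
# directory, so example.com/textpattern/ and everything below it is
# blocked, while admin.example.com/ keeps working.
RewriteRule ^ - [F]

# Before deploying, check that the public pages do not load anything
# from /textpattern/ (a stylesheet URL, for example), because those
# requests would be refused as well.
```

This only removes the admin path from the public hostname; the login at the admin hostname still needs strong credentials, since anyone who learns that hostname can reach it.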
Re: What do you do to secure "/textpattern"?
ruud wrote:
“Anyone who might be listening”… that requires access to a router on the path from your computer to the server where TXP is installed. Sure, it’s possible, but a bank is typically a more interesting target than the average TXP install. POP3 also works with plain text authentication, but you rarely hear about intercepted user/pass there. I think the risk of a dictionary attack on weak user/pass combinations is greater than someone being able to sniff the user/pass due to the use of a non-secure connection. And using SSL doesn’t prevent a keylogger from grabbing the username/password when you enter it on your own computer nor does it protect users from phishing attacks.
Hi Ruud,
Some installations will require that all user logins be secured via SSL as part of a company-wide or corporate policy. For example, we use Textpattern in a corporate environment where this is mandatory. These same environments certainly prohibit use of unsecured protocols like POP3/plaintext as well. So, it would be nice if Txp accommodated these types of installations in as simple a manner as possible.