1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Lack of Interest Admin pages URL results in a login or 404

Discussion in 'Closed Suggestions' started by Marcel, Sep 7, 2013.

  1. Marcel

    Marcel Active Member

    I apologise if this isn't in anyway a suitable suggestion, or I'm talking out of my inexperienced backside :D

    Just doing some testing on an addon, and I mistakenly mistyped an admin URL and noticed something.

    If I browse to

    admin.php?banners/add

    while not logged in, I get a login request

    If I browse to

    admin.php?banners/nonexistent

    Then it gives me a specific 404.

    WRT to security. Yes "banners" is quite generic, but if a security risk was found in a particular addon, this would be a way to confirm the existence of said addon in an installation wouldn't it?
     
    Liam W likes this.
  2. Liam W

    Liam W Well-Known Member

    I would say you're right but the admincp should really be htaccess protected anyway, nullifying this issue/suggestion :)

    Liam
     
    Marcel likes this.
  3. Marcel

    Marcel Active Member

    That is a fair point of course :)
    I'm just a suspicious old bugger :D
     

Share This Page