Surely you're not telling me people running Lighttpd or nginx run a bad server?
But that wasn't what you said:If you are on a web server that doesn't offer directory or file protection, yeah .. lighttpd and nginx offer that.
People on bad hosting, don't have .htaccess
Security by obfuscation is ineffective IMHO.I'd assume that the admin.php file can be renamed... (assuming that references to admin.php in the code are done via a PHP variable similar to vBulletin). You could make it as inconspicuous as faq.php with some generic FAQ text for unauthorised users or you could even rename it 404.php then add some extra security like showing a 404 page if the user's usergroup isn't admin...
possibilities are endless!
Obfuscation stops blind attempts to attack your admin panel. I find obfuscation provides slightly more protection than not bothering.Security by obfuscation is ineffective IMHO.
People on bad hosting don't have .htaccess != People who don't have .htaccess are on bad hostingBut that wasn't what you said:
I think he was just playing.People on bad hosting don't have .htaccess != People who don't have .htaccess are on bad hosting
There are hosts out there that, although they run on Apache, don't allow their shared hosting customers to use .htaccess files.
Or to put it another way:
It's always cold when it snows. But that doesn't mean it always snows when it's cold.
On the internet I have found that one can never know for sure about that. lolI think he was just playing.
I was.I think he was just playing.
I'll try to be more obvious next time.On the internet I have found that one can never know for sure about that. lol
Security by obfuscation is ineffective IMHO.
If you are on a web server that doesn't offer directory or file protection, yeah .. lighttpd and nginx offer that.
Yes, and like all black-and-white arguments, this one is getting pretty stale.Trying to accomplish security through obscurity?
We use essential cookies to make this site work, and optional cookies to enhance your experience.