What's the general consensus with implementing an admin interface behind a web app? Please note, I'm not looking for an admin generator similar to Merb, RailsAdmin, Typus or other.
I'd like to know the following:
1) It is not necessary, however it is nice to have an interface to manage your data. This way you could have multiple admins, none of whom actually have to touch the database/code via the console (for ease of use, security etc.).
2) It's completely up to you, however localhost/admin may reduce the amount of complications with subdomains.
3) The namespace is generally admin, however once again... it is up to you. You could try to make it obscure, however please note: Obscurity is not a form of security.
4) Large applications/companies most certainly implement an admin interface for many reasons, one as I stated in 1). You can provide functionality to trusted people within your organization that don't necessarily have the technical skills to open up a console. This reduces the amount of mess-ups (typos etc.) and increases the amount of usability.
5) Having an admin interface that is public is inherently a potential security hazard. You could implement many techniques to help lower this hazard, such as putting the admin section of the site behind a firewall/private intranet which you can only access via VPN or when you are 'in the office' (on top of the obvious techniques such as user authentication). Another solution, if you can't put it behind a firewall/intranet, is to limit the access to a whitelist of IP addresses.
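
The IP whitelist from point 5, sketched as a Rack-style middleware. This is an added example, not code from the original answer; the class name `AdminIpAllowlist`, its options and the addresses used with it are assumptions made for illustration. It is a layer on top of user authentication, not a replacement for it.

```ruby
require "ipaddr"

# Hypothetical middleware: requests under the admin namespace are passed on
# only when the client address falls inside an allowlisted network.
class AdminIpAllowlist
  def initialize(app, allowed:, prefix: "/admin", trusted_proxies: [])
    @app = app
    @prefix = prefix
    @allowed = allowed.map { |cidr| IPAddr.new(cidr) }
    @trusted_proxies = trusted_proxies.map { |cidr| IPAddr.new(cidr) }
  end

  def call(env)
    return @app.call(env) unless admin_path?(env["PATH_INFO"].to_s)

    ip = client_ip(env)
    return @app.call(env) if ip && @allowed.any? { |net| net.include?(ip) }

    [403, { "content-type" => "text/plain" }, ["Forbidden\n"]]
  end

  private

  # Match "/admin" and "/admin/...", but not "/administrator".
  def admin_path?(path)
    path == @prefix || path.start_with?("#{@prefix}/")
  end

  # REMOTE_ADDR (the TCP peer) is the only value the client cannot choose.
  # X-Forwarded-For is honoured only when the peer is one of our own proxies,
  # and then only its right-most entry, the one that proxy appended.
  def client_ip(env)
    peer = parse(env["REMOTE_ADDR"])
    return peer unless peer && @trusted_proxies.any? { |net| net.include?(peer) }

    parse(env["HTTP_X_FORWARDED_FOR"].to_s.split(",").last)
  end

  # Missing or unparseable addresses return nil and are denied by #call.
  def parse(value)
    text = value.to_s.strip
    text.empty? ? nil : IPAddr.new(text)
  rescue IPAddr::Error
    nil
  end
end
```

In a Rails app this would be registered with `config.middleware.use AdminIpAllowlist, allowed: [...]`, listing the office or VPN egress ranges.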