Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Re: How to secure your own Control Panel

#135299
Argeaux
Participant

The way the login is made is important for safety:

You should encrypt the admins' passwords with something like bcrypt instead of md5, or even no encryption at all. Also use a salt on your passwords. It can also be useful to throttle the number of logins someone can do, so after 3 or 4 wrong attempts block the user for a few hours. This way it's harder to do a dictionary attack to guess the passwords.

The queries you use should be escaped properly to make sure people don't mess up your database, or use prepared statements in PDO or mysqli.

You should also use CSRF protection for your form (Google it for more info!). Last but not least, make sure your admins use good passwords and not 12345 or admin/admin.

Also, a problem which you will probably face now is that a user will edit a page, accidentally remove some of the text and hit submit. He or she will realize that it was important information and it's forever gone, because you update or delete it directly in the database. This can be solved by keeping versions of your data in the database which you can roll back, or by making users save something temporarily so that they have to do an action to make it "live".

Hope this helps a bit :)
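The login advice in the post above (bcrypt, lockout after a few wrong attempts, prepared statements, a CSRF token), put together as an added PHP example that is not part of the original thread or the poster's code. It assumes PHP 7.4 or later with the pdo_sqlite extension and uses an in-memory SQLite database so it runs from the command line with no web server; the table layout, the function names (`openDb`, `createAdmin`, `attemptLogin`, `csrfToken`, `csrfValid`), the lockout numbers and the sample admin account are all made up for the demonstration. One detail worth knowing: `password_hash()` generates and embeds a random salt in every bcrypt hash, so there is no separate salt column to manage.

```php
<?php
// Added example (not from the original thread): a minimal admin login path
// that hashes with bcrypt, throttles wrong attempts, uses prepared statements
// and checks a CSRF token. In-memory SQLite via PDO so it runs stand-alone;
// for MySQL change the DSN, the SQL is plain enough for both.
declare(strict_types=1);

const MAX_FAILED_ATTEMPTS = 4;        // lock the account after this many wrong passwords
const LOCKOUT_SECONDS     = 3 * 3600; // "a few hours"

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admins (
                 id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
                 password_hash TEXT NOT NULL,
                 failed_attempts INTEGER NOT NULL DEFAULT 0,
                 locked_until INTEGER NULL)');
    return $db;
}

// bcrypt through password_hash(): the salt is generated per hash and stored
// inside the hash string, so only one column is needed.
function createAdmin(PDO $db, string $username, string $password): void {
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    $stmt = $db->prepare('INSERT INTO admins (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

// Returns 'ok', 'locked' or 'bad_credentials'. $now is passed in so the
// lockout can be demonstrated without waiting.
function attemptLogin(PDO $db, string $username, string $password, int $now): string {
    // Prepared statement: the username is bound as data, never spliced into SQL.
    $stmt = $db->prepare('SELECT * FROM admins WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $admin = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($admin === false) {
        // Unknown user: still run bcrypt once so the response time does not
        // reveal which usernames exist.
        static $dummyHash = null;
        if ($dummyHash === null) {
            $dummyHash = password_hash('not-a-real-password', PASSWORD_BCRYPT, ['cost' => 12]);
        }
        password_verify($password, $dummyHash);
        return 'bad_credentials';
    }

    $prevFailed = (int)$admin['failed_attempts'];
    if ($admin['locked_until'] !== null) {
        if ((int)$admin['locked_until'] > $now) {
            return 'locked';          // refuse even a correct password while locked
        }
        $prevFailed = 0;              // lock has expired: start counting afresh
    }

    if (!password_verify($password, $admin['password_hash'])) {
        $failed = $prevFailed + 1;
        $lockedUntil = $failed >= MAX_FAILED_ATTEMPTS ? $now + LOCKOUT_SECONDS : null;
        $upd = $db->prepare('UPDATE admins SET failed_attempts = :f, locked_until = :l WHERE id = :id');
        $upd->execute([':f' => $failed, ':l' => $lockedUntil, ':id' => $admin['id']]);
        return 'bad_credentials';
    }

    // Correct password: reset the counter.
    $db->prepare('UPDATE admins SET failed_attempts = 0, locked_until = NULL WHERE id = :id')
       ->execute([':id' => $admin['id']]);
    return 'ok';
}

// CSRF: one random token per session, embedded in every form as a hidden
// field and compared in constant time on submit. $session stands in for
// $_SESSION so the example runs from the CLI.
function csrfToken(array &$session): string {
    if (!isset($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

function csrfValid(array $session, ?string $submitted): bool {
    return isset($session['csrf']) && is_string($submitted)
        && hash_equals($session['csrf'], $submitted);
}

// Demo run with a constructed account and clock.
$db = openDb();
createAdmin($db, 'alice', 'correct horse battery staple');
$session = [];
$token = csrfToken($session);
echo 'csrf, genuine token: ', csrfValid($session, $token) ? 'accepted' : 'rejected', "\n";
echo 'csrf, forged token:  ', csrfValid($session, 'forged') ? 'accepted' : 'rejected', "\n";
$t = 1000000;
for ($i = 1; $i <= MAX_FAILED_ATTEMPTS; $i++) {
    echo "wrong password #$i: ", attemptLogin($db, 'alice', "guess$i", $t), "\n";
}
echo 'right password while locked: ', attemptLogin($db, 'alice', 'correct horse battery staple', $t), "\n";
echo 'right password after lockout: ', attemptLogin($db, 'alice', 'correct horse battery staple', $t + LOCKOUT_SECONDS + 1), "\n";
echo 'injection attempt as username: ', attemptLogin($db, "' OR 1=1 --", 'x', $t), "\n";
```

The counter here is per account, which is what the post describes; the trade-off is that anyone who knows an admin's username can lock that admin out by sending four wrong passwords, so in practice a per-IP or per-session counter (or both) is often combined with it. The `' OR 1=1 --` username simply finds no row because the prepared statement never interprets it as SQL.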
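The versioning idea from the last paragraph of the post (keep old versions you can roll back, and make a save go live only after an explicit action), as a second added PHP example that is likewise not from the original thread. Same assumptions as above: PHP 7.4 or later with pdo_sqlite and an in-memory database; the `pages`/`page_versions` tables, the function names and the sample page text are invented for the demonstration.

```php
<?php
// Added example (not from the original thread): every save of a page is an
// INSERT of a new version row, never an UPDATE of the existing text, and the
// page only points at the version that is "live". Publishing moves the
// pointer; rolling back is just publishing an older version.
declare(strict_types=1);

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pages (
                 id INTEGER PRIMARY KEY, slug TEXT UNIQUE NOT NULL,
                 live_version_id INTEGER NULL)');
    $db->exec('CREATE TABLE page_versions (
                 id INTEGER PRIMARY KEY, page_id INTEGER NOT NULL,
                 body TEXT NOT NULL, author TEXT NOT NULL, saved_at INTEGER NOT NULL)');
    return $db;
}

function createPage(PDO $db, string $slug): int {
    $db->prepare('INSERT INTO pages (slug) VALUES (:s)')->execute([':s' => $slug]);
    return (int)$db->lastInsertId();
}

// Saving creates a draft version; it does not touch what visitors see.
function saveDraft(PDO $db, int $pageId, string $body, string $author, int $now): int {
    $stmt = $db->prepare('INSERT INTO page_versions (page_id, body, author, saved_at)
                          VALUES (:p, :b, :a, :t)');
    $stmt->execute([':p' => $pageId, ':b' => $body, ':a' => $author, ':t' => $now]);
    return (int)$db->lastInsertId();
}

// The explicit "make it live" action. The EXISTS check stops a version id
// from another page being published here (ids come from form input).
function publish(PDO $db, int $pageId, int $versionId): void {
    $stmt = $db->prepare('UPDATE pages SET live_version_id = :v
                          WHERE id = :p
                            AND EXISTS (SELECT 1 FROM page_versions
                                        WHERE id = :v2 AND page_id = :p2)');
    $stmt->execute([':v' => $versionId, ':p' => $pageId, ':v2' => $versionId, ':p2' => $pageId]);
    if ($stmt->rowCount() !== 1) {
        throw new RuntimeException("version $versionId does not belong to page $pageId");
    }
}

function liveBody(PDO $db, int $pageId): ?string {
    $stmt = $db->prepare('SELECT v.body FROM pages p
                          JOIN page_versions v ON v.id = p.live_version_id
                          WHERE p.id = :p');
    $stmt->execute([':p' => $pageId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['body'];
}

// What a "history" screen would list so an editor can pick a version to restore.
function history(PDO $db, int $pageId): array {
    $stmt = $db->prepare('SELECT id, author, saved_at, length(body) AS len
                          FROM page_versions WHERE page_id = :p ORDER BY id');
    $stmt->execute([':p' => $pageId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demo with constructed content: the editor publishes, then accidentally
// deletes a line, saves, publishes that too, and finally rolls back.
$db = openDb();
$page = createPage($db, 'contact');
$v1 = saveDraft($db, $page, 'Office hours 9-17. Emergency line: ext. 42.', 'bob', 1000);
publish($db, $page, $v1);
$v2 = saveDraft($db, $page, 'Office hours 9-17.', 'bob', 1060);   // emergency line gone
echo 'after save (draft only):  ', liveBody($db, $page), "\n";     // still the full text
publish($db, $page, $v2);
echo 'after publish (mistake):  ', liveBody($db, $page), "\n";     // truncated text is live
publish($db, $page, $v1);                                          // roll back
echo 'after rollback:           ', liveBody($db, $page), "\n";
foreach (history($db, $page) as $h) {
    printf("version %d by %s at %d, %d bytes\n", $h['id'], $h['author'], $h['saved_at'], $h['len']);
}
```

Because old rows are never overwritten, the history table doubles as an audit trail of who changed what and when, which is useful for an admin panel for reasons beyond undoing mistakes.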