How do I obtain personal usage admin form in Heroes? This is the way to manage the site - edit master (or static) data, settings, etc. Generally I can not disclose them normally to the internet anytime and in order to manage internal privileges, simply apply basic account security on the app.
What are the things I am thinking about?
- Should https be safe when using authlogic?
- Is it possible (How to) do you require SSL on some routes to configure your webserver?
- Is Athletic + SSL adequate to secure a page, which has compromised, can destroy your entire business?
- Is the Hekuki's Administrator Account Security for him
- I think that managing the site using PG Console requires security, but I do not need it.
I do not have a rail, or Heroko, a world of knowledge, but my point is If your site is already required authentication , go ahead and add the authorization piece for your administrative user (s) that only your admin page (pages) Allow access. Check out for authorization.
If only your administrator page (administrators) need administration, you can certainly use AuthLogic to run to ensure that any identification user is reaching those admin pages .
- I think of SSL as a transport concern and it is unlikely that the need for the Ophthalmic will be that it is being said that you have ever passed Around the sensitive data, the password, then I would consider a requirement SSL if the app is protecting your grandma cookie recipe, you can leave the experience and leave the SSL implementation.
- I may be wrong on this, but SSL is for a complete site / domain if your Admin Page (s) is hosted on a separate site / domain then it can work.
- AuthLogic + SSL should be secure enough - an administrator user has got his password cut (sticky notes, emails etc.) You will have a compromise in any security if you "deleted", you mean that If sensitive customer data leaks, then liability insurance can be lower. If you mean that your site will be reduced, then insert your site into back-up / online (ASAP) and in the distester retrieval procedures to invalidate existing administration credentials?
- Josh (fully on my head)
- Josh (fully on my head)
HH, P> Z
- I think of SSL as a transport concern and it is unlikely that the need for the Ophthalmic will be that it is being said that you have ever passed Around the sensitive data, the password, then I would consider a requirement SSL if the app is protecting your grandma cookie recipe, you can leave the experience and leave the SSL implementation.
Comments
Post a Comment