Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Where to place backend administration tools?
1 point by pplante on Oct 11, 2009 | hide | past | favorite | 2 comments
I was curious how everyone here manages to secure the backend administration tools which control various aspects of your apps data. What I mean is where do you put the app that manages the data inside your app.

We were thinking of placing this app on a different domain with ultra-secure passwords, possibly accessible only via IP. The initial page would be totally non-de-script so any scans would just see a login screen. The ultra-secure passwords enforcement would help with brute force attacks, might even force passwords to be reset every few weeks.

What are your thoughts? Do you use VPN regulated access only? RSA secure keys?



I manage things by SSHing in to my server.


I do that now, but as I have other non-technical people beginning to use the project I need a way for them to manage accounts and other data we index.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: