View Single Post
  #5  
Old 5th September 2009, 12:07
gwiz gwiz is offline
Junior Member
 
Join Date: Sep 2009
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default OK Then

I guess it's a Non-Issue then!

But it seems to me having ISP configured to only allow "ADMIN" access through a designated "DOMAIN" name rather than the IP would be added security.

Lets say you have a seller/client that's a little mischievous, and likes cracking passwords.

And he/she realizes they can log in as ADMIN if they crack your password.

Already have 2 out of the 3 steps needed since "admin" user name can't be changed (or can it?) and if they have an account through you - their domain resolves to your server - correct.

So - Rather than using their log in name - They decide to crack your password and log in as ADMIN - Could create havoc if you didn't notice or realize someone could gain access so easily.

So why not add one more safety feature, and make ADMIN LOG IN resolve to the actual 'domain name" rather than IP -- Gives the crackers one more challenge, in having to figure out the domain name & password to the admin control panel.
Reply With Quote