IMO, in 1.6 users should have the ability to change admin file location from board settings. Just a thought for security reasons and would cut down on a lot of hacking attempts trying to be made through the MyBB default admin location. My 2 cents. I've done this for a long time and it works excellent. I've seen in my logs before people trying to access the default admin location with of course no success because it's just not there
Kind Regards
You can change it from your config.php.
I know you can change config Ryan.
Anyone who downloads MyBB has no clue they can do this file editing to config (Unless they look for this specific feature or have previous knowledge). Thus hiding a great safety feature that should be being promoted right in the software. This encourages users to do something about additional safety. It will Save MyBB and end-users a lot of problems by just including it in the Admin panel for easy access and explantion.
Thats when you google search "Change MyBB admin dir"
However, it would be easier your way.
I agree this would make it easier for admins to change it, however, if the admin folder has the file permissions to change the directory name via a script, wouldn't that open it up to exploits if the directory name was discovered?
(2009-09-07, 10:46 PM)Scoutie44 Wrote: [ -> ]I agree this would make it easier for admins to change it, however, if the admin folder has the file permissions to change the directory name via a script, wouldn't that open it up to exploits if the directory name was discovered?
The admin directory is already discovered automatically by default. Always has been. I believe the risk is greater by having a default admin location than having a custom one, thus making it worth the extra effort to maintain. All I'm suggesting is to increase the chance a hacker wont be able to find the directory.
What's safer however, to change it by config or by Admin panel is the question this really comes down to. Of course the admin panel is a greater risk because now the information is in a database. However, to reach a larger number of users for that additional safety of changing the directory location will be of a bigger advantage in the long run. Plus the noobs and people that don't have programming experience will be able to figure this out much faster saving the staff and community time and effort. In the end making MyBB much more user firendly for beginning admin and supplies an additional security measure.
Regards
It's safer to change the config. Having the option might be a problem if someone hacks into the admin cp and changes the folder name there. Of course you can see it on your ftp client but mostly it's just the site admin that has that ability.
Really difficult to do, for marginal benefit.
Get get into the admin panel, you need an admin password. If an attacker has one, they can just log in normally and find the link leading to the AdminCP. And I don't think MyBB wants to turn off this link by default.
I agree to this supposition, but as Martin said , Its more easy to alter the URL of /admin/ from config.php file. <--- This method is easy and safe.