Announcement

Collapse
No announcement yet.

Real vb3 Admin Cp!

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Real vb3 Admin Cp!

    Yes.. this has probably been found but here's a real vb3 admin cp that is not htaccess protected (those damn dev's)

    Thanks for posting the link to your beta site Scott tee hee

    Link: http://beta.total-anime.com/admincp/

    - miSt
    Dean Clatworthy - Web Developer/Designer

  • #2
    Originally posted by Mist
    Yes.. this has probably been found but here's a real vb3 admin cp that is not htaccess protected (those damn dev's)

    Thanks for posting the link to your beta site Scott tee hee

    Link: http://beta.total-anime.com/admincp/

    - miSt
    The problem, we see an Login panel as we see much in the last time (ok this time with options )

    but we want to see whats behind

    edit: bahh, when entering something wrong the same crappy template that vb2 uses is also used.
    can't the errormsg been implementet in acp-style?
    The price of freedom is eternal vigilance!
    - Thomas Jefferson

    Comment


    • #3
      Originally posted by Xenon
      The problem, we see an Login panel as we see much in the last time (ok this time with options )

      but we want to see whats behind

      edit: bahh, when entering something wrong the same crappy template that vb2 uses is also used.
      can't the errormsg been implementet in acp-style?
      time to .htaccess that, bad people...

      the acp style could be used, but would require modification of login.php, perhaps converting it to a function and relying on the area that its from instead of looking at the referrer.
      Last edited by Scott MacVicar; Sun 8 Dec '02, 1:36pm.
      Scott MacVicar

      My Blog | Twitter

      Comment


      • #4
        Originally posted by Scott MacVicar
        time to .htaccess that, bad people...

        the acp style could be used, but would require modification of login.php, perhaps converting it to a function and relying on the area that its from instead of looking at the referrer.
        Why does everyone htaccess the admincp directory? What is there to hide?

        Comment


        • #5
          Originally posted by Total Cult
          Why does everyone htaccess the admincp directory? What is there to hide?
          There's nothing to hide. It's just an extra layer of security. There's no reason you need to go there unless your an administrator.

          Comment


          • #6
            Originally posted by Cary
            There's nothing to hide. It's just an extra layer of security. There's no reason you need to go there unless your an administrator.
            So you're saying that vB3's security is so crap it needs another layer? I don't remember there ever being such a trend for htaccessing admin directories for vB2.

            Comment


            • #7
              Originally posted by Total Cult
              So you're saying that vB3's security is so crap it needs another layer? I don't remember there ever being such a trend for htaccessing admin directories for vB2.
              Go reread by message. I never said that.

              Let's say someone finds out your password on a site in which you are an admin on. Without an htaccess they can delete all of your messages on the board. With one, it's very unlikely they'll even get logged into the Admin CP. (because the htaccess protects it)

              Comment


              • #8
                Don't worry, I still know one place where you can look at the vB 3 admin panel .
                MTG Salvation.com | Forums

                Comment


                • #9
                  Originally posted by Cary
                  Go reread by message. I never said that.

                  Let's say someone finds out your password on a site in which you are an admin on. Without an htaccess they can delete all of your messages on the board. With one, it's very unlikely they'll even get logged into the Admin CP. (because the htaccess protects it)
                  Hm. I interpret that situation as "vB3's security is so crap it needs another layer"

                  It shouldn't need any external stuff that may not be implemented on certain server software, the extra layer should be in vB itself.

                  Comment


                  • #10
                    Originally posted by Darth Cow
                    Don't worry, I still know one place where you can look at the vB 3 admin panel .
                    Thanks for that The options button doesn't do anything at all though...

                    Comment


                    • #11
                      Originally posted by Total Cult
                      Hm. I interpret that situation as "vB3's security is so crap it needs another layer"

                      It shouldn't need any external stuff that may not be implemented on certain server software, the extra layer should be in vB itself.
                      It doesn't *need* any external stuff, it is an added layer of protection. You are free to use it or not. However if someone gets ahold of your password, there is nothing vBulletin can do about it. How exactly is vBulletin supposed to stop someone from proceeding when they enter the correct username and password?

                      Comment


                      • #12
                        Originally posted by Total Cult
                        Hm. I interpret that situation as "vB3's security is so crap it needs another layer"

                        It shouldn't need any external stuff that may not be implemented on certain server software, the extra layer should be in vB itself.
                        We have always recommended that Admins put .htaccess control on their Admin Control Panel and Moderator Control panel directories for that extra layer of protection. This is just common sense. How many locks are on your front door? Doesn't mean that each individual lock is garbage or crap, it just means you feel more secure with multiple locks.
                        Translations provided by Google.

                        Wayne Luke
                        The Rabid Badger - a vBulletin Cloud demonstration site.
                        vBulletin 5 API

                        Comment


                        • #13
                          Originally posted by Wayne Luke
                          We have always recommended that Admins put .htaccess control on their Admin Control Panel and Moderator Control panel directories for that extra layer of protection. This is just common sense. How many locks are on your front door? Doesn't mean that each individual lock is garbage or crap, it just means you feel more secure with multiple locks.
                          Amen, you can always use another layer.
                          "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
                          "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
                          Utopia Software - Current Software: Utopia News Pro (news management system)

                          Comment


                          • #14
                            Originally posted by tubedogg
                            It doesn't *need* any external stuff, it is an added layer of protection. You are free to use it or not. However if someone gets ahold of your password, there is nothing vBulletin can do about it. How exactly is vBulletin supposed to stop someone from proceeding when they enter the correct username and password?
                            I think you're missing the point somewhat - the point being that if it didn't need htaccess it wouldn't have htaccess.

                            All htaccess is is just another username and password. What is to stop vBulletin implementing that itself? i.e. you would have:

                            Username: ____________
                            Password: ____________
                            ACP Password: _______________

                            And what if I don't use Apache? Doesn't look to good for me then, does it?

                            Comment


                            • #15
                              Originally posted by Total Cult
                              I think you're missing the point somewhat - the point being that if it didn't need htaccess it wouldn't have htaccess.

                              All htaccess is is just another username and password. What is to stop vBulletin implementing that itself? i.e. you would have:

                              Username: ____________
                              Password: ____________
                              ACP Password: _______________

                              And what if I don't use Apache? Doesn't look to good for me then, does it?
                              Almost every web server has the ability to configure limited access to a certain directory. Since most of the world uses Apache and knows what an .htaccess file is, that is what it is referred to as.

                              I think you're missing the point somewhat - the point being that if it didn't need htaccess it wouldn't have htaccess.
                              vBulletin does not ship with an .htaccess file - if you want to use it you must add it yourself. It is, however, common sense to protect something as much as possible when it is sensitive.

                              I'm not going to continue arguing with you about it. If you want to use it, do so. If you don't, fine.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X