Thread: Admincp on a different machine?
View Single Post
  #13  
Old 04-20-2009, 04:36 AM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Well - conclusion first - this is maybe useless. The problem is that the second (your Admin machine) would need the SQL rights you want to take away in order to do administrative tasks.
To write them in the DB of your first machine, you either have to setup a replica - the replica user would then have the rights you want to take away or some kind of tunnel - then again the problem remains the same.
At least INSERT / SELECT is required to run Vbulletin and that's already enough to dump the passwords or add another admin to your forum - if there's an injection possible.
I just want to say that all this might not give the security enhancements you're looking for because at least one DB user needs to rights at your VB database.
Maybe, rename the AdminCP folder, add a Password Protection and if you want to lookdown IP's do it directly in the Webserver configuration.
Or move your AdminCP - at the same server - inside a SSL environment setting up a redirection, Client Cert Authentication is the key.

Like said, DB access is still required with the rights you care about, doesn't matter where your AdminCP is placed. IP's can be spoofed as well so the time is maybe better spent configuring your primary machine that injections are already as hard as possible. Moving something insecure away doesn't make it more secure anyways if there's a problem because even at the other machine, the security problems, if any, will stay.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01198 seconds
  • Memory Usage 1,761KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete