Please read the whole question before saying duplicate.There are similar but this is different.
I have a website that users can post ads. Its written by using ASP.NET. So If a user post an ad it should go through a review path.( Involving an admin )
eg: User posting an ad. Then admin log to his admin page and review the ad and then give the approve.
I developed it within the same solution file. Currently I put this page in a folder. To access it user have to type
http://ift.tt/1J5BYen
manually. Please not that whole site is secured with SSL. Because that page is not linked from the main website. And this admin user doesn't have a user account in user account table.
So admin has to enter a password to enter this page. This password is hard coded( Not getting from the DB ).
So am I using the right approach? Can a hacker attack to this page?
I dont want search engines to index this page. Also what about this hard coded password method? Is it a secure way? Is it a good way to implement this page in this domain? I have different domains for this website end with .org and .info etc... Can I use such to access my admin page?
Tell me the best and secured approach to do this. Thank you very much.
Aucun commentaire:
Enregistrer un commentaire