[typo] Visible admin urls?

Kevin Ballard kevin at sb.org
Mon Mar 20 21:51:54 EST 2006

Well, anybody who's ever looked at typo will be able to figure out  
the path pretty easily anyhow. If your login is secure, trying to  
obscure the path here isn't going to do anything at all. That would  
be like closing the window while the door is wide open.

On Mar 20, 2006, at 11:31 AM, Pawel Szymczykowski wrote:

> Is there any reason this stuff should be visible to someone who isn't
> even logged in? Can't we hide it server side or something? OK - bad
> idea because of the caching - but how about at least obscuring the
> link with javascript or something? I don't mean something spammy with
> lots of string concatenation, but how about just a function in a
> peripheral .js file that does a document.write of the link?
> I realize that the link won't do anything without authentication (as
> shown in the redirect from the logs), but it still makes me a little
> bit paranoid that it's there. Why show all of your houseguests the
> exact location of the floor safe if you don't have to?
> OK. That's all - sorry, I'm going to take a deep breath and calm down.
> Am I overreacting, or does anyone else find this a bit scary?

Kevin Ballard
kevin at sb.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2378 bytes
Desc: not available
Url : http://rubyforge.org/pipermail/typo-list/attachments/20060320/5843e401/attachment-0001.bin 

More information about the Typo-list mailing list