Lets say that I have a domain hosting a public facing
website (www.mywebsite.com).
Now lets say that -
1) Security is not a big thing.
2) To save money, I want to host the admin interface
on the same domain (www.mywebsite.com/admin).
3) The admin interface requires login but never the
less I do not want the public to be even aware of the
location of the admin interface.
4) But there is a chance that someone might type in www.mywebsite.com/admin
by guessing and discover that there is an admin user
interface there.
5) I dont want to use complicated IP blocking to block
access to the admin interface - I want to be able to
login from any machine. I also dont want to go down the
expensive certificate route.
In this case, the following will be useful -
1) A browser that has a simple interface from where I
can map a key to a url. When I make a request to my
admin URL, it sends this key in the header, get or post.
2) A server which shows a 404 unless the key is
present in the header, get or post.
This is fairly a simple feature and I feel that if
browsers and servers implement this, it could become
popular. Could people please give me thoughts on this,
if there might be benefits to this, and if it would be
possible for apache http server to implement this?
why not just use a self signed key and implement ssl for your /admin
only?
