Web Wiz Forums - changes to common.asp & admin.asp

Print Page | Close Window

changes to common.asp & admin.asp

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=29126
Printed Date: 01 April 2026 at 12:44pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: changes to common.asp & admin.asp

Posted By: WebCity
Subject: changes to common.asp & admin.asp
Date Posted: 15 February 2011 at 5:09pm

I had a member brag he found the admin login page. I checked and sure enough you can go to the /forum/admin.asp and get the login page. I would like to see admin.asp file part of the common file so we can change the location of the admin login page.

Until then I would like to make the admin.ap point to a fake file name so it will get the oops page. Only a admin that is loged into the forums will see the admin.asp login page once they click the admin link.

I also changed the common.asp file and the db files to

common.asp file - line 4

database_connection.asp or now the new xyz_filename.asp - line 63

Replies:

Posted By: 123Simples
Date Posted: 15 February 2011 at 7:13pm

I'm not sure that this is such an issue. The link is as you say pretty standard, and without the username and password, it is redundant anyway. Until the admin username and password is entered, all they can see is the actual login page for the admin area - nothing else. In fact by altering the script and asp and database connection codes, you may be inadvertingly causing more problems than it is worth.

-------------
http://www.123simples.com/" rel="nofollow - Visit 123 Simples Web Design

Posted By: WebWiz-Bruce
Date Posted: 15 February 2011 at 8:47pm

The admin login page is not a secret and you can find many a reference to it in these forums as well as documentation going back some 8 years.

The admin login has a more secure login system that only admins can enter and does not support cookies like in the main forum. It also use CAPTCHA to prevent brute force hacking. As long as you do not give the admin account some silly password like 'pa55word', 'qwerty', or some other easy to guess password no one will get in.

There is no point in renaming the common.asp file or the database_connection.asp file as these contain code that will only run server side and so can not be downloaded or the contents viewed.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting