huytd / codedaily-v3

https://news.kipalog.com/

Admin Dashboard - Post management #18

Open huytd opened 7 years ago

huytd commented 7 years ago

This will be the first feature for the Admin Dashboard.

There are a lot of incoming requests for the Admin Dashboard but let's keep it as simple as possible for now.

  1. Only administrator and moderators will have access to the dashboard, other users will get a 404 error.
  2. The logged-in administrator/moderator will be able to delete a post from the newsfeed.

Both backend and frontend will need to be done for this.

Cxarli commented 7 years ago

Giving a 404 wouldn't be the best answer. Admins who aren't logged in might think they have the wrong page. I suggest giving a 401 and a page that asks you to log in as an admin.

qcam commented 7 years ago

Regarding the status code, I suppose 403 Forbidden would be the best fit for the idea of "Only administrator and moderators will have access to the dashboard, other users will get a XXX". 401 Unauthorized is unfortunately a lie, it's mostly about authentication.

huytd commented 7 years ago

401 is still good. The reason I'm choosing 404 is because I don't want to give "hackers" any sign of the existence of the admin dashboard. Which will be better?

qcam commented 7 years ago

@huytd well ... the repo is open source.

huytd commented 7 years ago

Then the admin route should be stored in a configurable file, so you can change it whenever you want during deployment. Sounds good, right? :D

Cxarli commented 7 years ago

Security by obscurity is never a good idea :wink:
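
The trade-off discussed in this thread, as an added sketch that is not part of the original issue and is not codedaily-v3 code: a framework-free request handler where the role check, not the route name, protects post deletion, and where the 404 policy and the 401/403 policy are a single switch. `ADMIN_PREFIX`, `authorize`, `handle`, the `/posts/<id>` route and the in-memory post store are all assumptions made for the illustration.

```javascript
// Added illustration, not codedaily-v3 code. All identifiers are hypothetical.
const ADMIN_PREFIX = process.env.ADMIN_PREFIX || "/admin"; // deploy-time setting
const ADMIN_ROLES = new Set(["administrator", "moderator"]);

// Constructed in-memory newsfeed standing in for the real post store.
const posts = new Map([[1, { title: "first" }], [2, { title: "second" }]]);

const notFound = () => ({ status: 404, body: "Not Found" });

// Server-side decision made from the session alone. Returns null when allowed.
function authorize(user, hide) {
  if (user && ADMIN_ROLES.has(user.role)) return null;
  if (hide) return notFound(); // identical to the answer for any unknown URL
  return user
    ? { status: 403, body: "Forbidden" }       // authenticated, wrong role
    : { status: 401, body: "Login required" }; // no credentials presented
}

// hide=true is the 404 policy; hide=false is the 401/403 policy.
function handle({ method, path, user }, hide = true) {
  if (!path.startsWith(ADMIN_PREFIX + "/")) return notFound();
  // Check the role before matching any route, so real and made-up admin
  // paths look the same to everyone who is not an admin or moderator.
  const denied = authorize(user, hide);
  if (denied) return denied;
  const m = path.slice(ADMIN_PREFIX.length).match(/^\/posts\/(\d+)$/);
  if (method === "DELETE" && m && posts.delete(Number(m[1]))) {
    return { status: 204, body: "" };
  }
  return notFound();
}
```

Under either policy the delete only succeeds for an administrator or moderator session, so the outcome does not depend on the prefix staying unknown.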