Jamie,
   That depends heavily upon your internal policies and application type. If 
you are building something that operates on an isolated LAN, then it may not be 
necessary to separate the admin login.
    However, for my web app, I am building a completely different app that is 
specifically for admins. It resides on an isolated server that has access to the 
user DB. The admin UI has its own authentication provided by LDAP instead of 
another user DB. This completely separates web-users from admins with no 
possibility of overlap. In other words, users have no way of accessing the 
admin UI. This also gives me freedom of using different teams to develop the 
UIs in parallel. Plus, I can customize the interface of the internal interface 
with modules that should not be available to public users, e.g., Splunk and SOLR 
can be installed for data mining and business intel. 

Sent from iPad
バートレット理路
#⃣090-6493-1691

On 2014/06/01 at 11:25, Jamie Krasnoo <[email protected]> wrote:

> Hi All,
> 
> Before I dive headfirst into creating the authentication for a site I'm
> building, I thought I'd ask a few questions and get your opinion on the
> best thing to do as far as security and authentication on a zf2 site. I'm
> trying to make the Admin area as secure as possible. I've read opinions on
> securing the admin area. One of which is making admins separate from
> members, tables, user type and entity, authentication and all. If a regular
> user happens to stumble upon the admin area to make sure the login for it
> pops up and if they try to log in that they won't be able to. Is it worth
> it at all to separate the users and authentication services for the areas
> or is it overkill and an overcomplication?
> 
> Jamie

--
List: [email protected]
Info: http://framework.zend.com/archives
Unsubscribe: [email protected]
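
One way to wire the LDAP-only admin login described in the reply above, using ZF2's Zend\Authentication LDAP adapter (an added example, not code from the thread). The host name, DNs, group name, session namespace and the `adminLogin` helper are assumptions chosen for illustration.

```php
<?php
// Added example: login for a separate admin application. It consults only the
// internal LDAP directory, never the public user table, so a web-user account
// can never validate here.
use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Adapter\Ldap as LdapAdapter;
use Zend\Authentication\Storage\Session as SessionStorage;

// Constructed placeholder values; replace with your directory's settings.
$ldapServers = array(
    'admin-directory' => array(
        'host'              => 'ldap.internal.example',
        'useStartTls'       => true, // do not send bind passwords in clear text
        'accountDomainName' => 'internal.example',
        'baseDn'            => 'OU=Staff,DC=internal,DC=example',
        // Restrict logins to members of one directory group.
        'group'             => 'webapp-admins',
        'groupDn'           => 'OU=Groups,DC=internal,DC=example',
    ),
);

/**
 * Hypothetical helper: returns true only for a valid LDAP admin login.
 */
function adminLogin(array $ldapServers, $username, $password)
{
    // Some LDAP servers accept an empty password as an unauthenticated bind,
    // so reject empty credentials before talking to the directory.
    if ((string) $username === '' || (string) $password === '') {
        return false;
    }

    // A dedicated session namespace keeps the admin identity apart from any
    // identity the public application may store.
    $auth   = new AuthenticationService(new SessionStorage('AdminAuth'));
    $result = $auth->authenticate(
        new LdapAdapter($ldapServers, $username, $password)
    );

    if (!$result->isValid()) {
        // getMessages() carries LDAP diagnostics; keep them out of the
        // response. json_encode() escapes newlines in the logged user name.
        error_log('Admin login failed for ' . json_encode($username));
        return false;
    }
    return true;
}
```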

