We have just updated from J-Secure to Admin Tools. The one thing we enjoyed about J-Secure was the ability to add a custom redirect for failed secret URL parameter. The reason why we need it, it because we have many sites and admins and if they saw a custom message when attempting to login there admin area, it would allow them to request the proper URL parameter, otherwise they would assume there is a problem with their site
#22773 secret URL parameter custom redirect?
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by nicholas on Thursday, 11 June 2015 07:22 CDT
Thursday, 11 June 2015 07:01 CDT
eclipsemedia
Thursday, 11 June 2015 07:22 CDT
nicholas
Akeeba Staff
Manager
Hm, but that completely counters the idea of the secret word protection. The idea is that an attacker should not know if the /administrator directory exists or not, hence the redirection to root. Adding a custom redirection, especially one with a message, tells the attacker he should keep guessing a secret URL parameter. For this reason we're not going to implement the requested feature.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!