I'm developing my web backend with Django.

I haven't deployed it yet.

Not limited to Django, I think that I will use the management screen when I need to access the site or application that I manage as an administrator.
I have a question here.

I am worried whether the management screen can be managed safely.

The measures I have considered are as follows.

System that restricts access
  • Make the URL of the management screen a random string.
  • Add basic authentication to the URL of the management screen
  • Specify an accessible IP address (although it will be home only)

If I do this, will the URL be difficult to find and access?

Also, is there a possibility that even a random character string will be parsed?

If I do not restrict access
  • Turn on reCAPTCHA.
  • Basic hacking measures such as SQL injection (framework standard)
  • Limiting the number of password entries

Answer # 1

    Assuming that it is https

    I am worried whether the management screen can be managed safely.

    about

    Specify an accessible IP address (although it will be home only)

    That's enough if you can do it.


    If you do this, will the URL be difficult to find and access?

    If it refers to the possibility that a person will manually predict and access a URL rather than mechanically, a random string will make it impossible.
    If you send a request many times within a certain period of time, you can deny access at the web server level.

    Add basic authentication to the URL of the management screen

    If it is https with a character string and length that cannot be guessed, that will be enough.

    Specify an accessible IP address (although it will be home only)

    It is assumed that it is a global IP and a fixed IP, but this is the best. This control cannot be breached unless the house is invaded and the line is used.

    As an extension of IP restrictions, there is a way to build a VPN and limit it to LAN.

    If you do not restrict access

    I don't understand what you're saying.
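
As an added example (not part of the original question or answer), the IP restriction discussed above can be enforced in front of Django as a WSGI middleware using only the standard library. The prefix `manage-3f9c1a7e` and the address `203.0.113.10` are constructed placeholders, and the code assumes `REMOTE_ADDR` is the real client address, that is, no reverse proxy sits in front of the application.

```python
import ipaddress

class AdminIPAllowlist:
    """WSGI middleware: paths under admin_prefix are served only to allowlisted IPs."""

    def __init__(self, app, admin_prefix, allowed_networks):
        self.app = app
        # Normalise so "manage-x", "/manage-x" and "/manage-x/" all mean the same prefix.
        self.prefix = "/" + admin_prefix.strip("/") + "/"
        self.networks = [ipaddress.ip_network(n) for n in allowed_networks]

    def is_admin_path(self, path):
        # Trailing-slash normalisation catches "/manage-x" as well as "/manage-x/login/".
        return (path.rstrip("/") + "/").startswith(self.prefix)

    def is_allowed(self, remote_addr):
        try:
            ip = ipaddress.ip_address(remote_addr)
        except ValueError:
            return False  # missing or malformed address: fail closed
        # A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        return any(ip.version == net.version and ip in net for net in self.networks)

    def __call__(self, environ, start_response):
        # Only REMOTE_ADDR is consulted. X-Forwarded-For is a client-supplied header
        # and must not decide access unless a trusted proxy overwrites it.
        if self.is_admin_path(environ.get("PATH_INFO", "")) and not self.is_allowed(
            environ.get("REMOTE_ADDR", "")
        ):
            # 404 rather than 403, so the response does not confirm the path exists.
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"Not Found"]
        return self.app(environ, start_response)

def _inner_app(environ, start_response):
    # Stand-in for Django's WSGI application (constructed for this example).
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def demo_status(path, remote_addr, extra_environ=None):
    """Run one constructed request through the middleware and return the status line."""
    seen = []
    app = AdminIPAllowlist(_inner_app, "manage-3f9c1a7e", ["203.0.113.10/32"])
    environ = {"PATH_INFO": path, "REMOTE_ADDR": remote_addr, **(extra_environ or {})}
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

In a Django project the wrapper would go around the object returned by `get_wsgi_application()` in `wsgi.py`. Behind a reverse proxy, apply the same allowlist at the proxy instead, since `REMOTE_ADDR` would then be the proxy's address.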