

Where to place backend administration tools? - pplante

I was curious how everyone here manages to secure the backend administration tools which control various aspects of your apps data.  What I mean is where do you put the app that manages the data inside your app.<p>We were thinking of placing this app on a different domain with ultra-secure passwords, possibly accessible only via IP.  The initial page would be totally non-de-script so any scans would just see a login screen.  The ultra-secure passwords enforcement would help with brute force attacks, might even force passwords to be reset every few weeks.<p>What are your thoughts?  Do you use VPN regulated access only? RSA secure keys?
======
cperciva
I manage things by SSHing in to my server.

~~~
pplante
I do that now, but as I have other non-technical people beginning to use the
project I need a way for them to manage accounts and other data we index.

