Is it secure to show admin pages only on certain host?

I have public website with no database (with static content). I have one admin page, which allows to edit static content. I want to use that page only when website is on my local computer but not when it's uploaded to hosting server.

Is it safe to add check in admin page for $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'] to be equal to localhost?

Replay

$_SERVER["HTTP_HOST"] is unsafe, as it relies on the HTTP request - meaning it can be manipulated by the client.

You should implement a basic login system for this (or use Apache's folder protection)

Category: php Time: 2016-07-30 Views: 0
Tags: php apache

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development

search

Front-end development

Database

development tools

Open Platform

Javascript development

.NET development

cloud computing

server

Copyright (C) avrocks.com, All Rights Reserved.

processed in 0.120 (s). 12 q(s)