Fine Web Based HTML Editors Since 1999


Adminimizer Toolbar Beta

AdminimizerToolbar Security Considerations

Sites that use the AdminimizerToolbar are no more or less secure than sites with conventional administration sections. To give your site maximum security you should:

  • Protect your TargetPage with some type of security. A user must reach the target page to change content on your site, so protecting it is very important. If you have a Windows server, using Windows integrated security on that page would be an excellent option. Other options include protecting it with session variables or cookies.

  • Change the value of EditID to something of your own choosing. If you leave it as "editSpace" you are advertising exactly how your site administration is set up.

  • Change the value of TargetPage to something else. Again, if you leave it as the default ("saver.asp") you are advertising your method of site administration.

  • Change the name of the settings.xml file to something non-obvious. If a malicious user finds this file they will not be able to edit your site, but they will know where to direct their energies.

  • If you are using ASP or similar types of dynamic pages you can set them up to only show the editing script if the user has permission to use it. Placing the scripts and XML file on every page slightly increases your security risk because a malicious user can use the XML file to find your TargetPage. Knowing where this page is would allow them to focus their attack. Therefore, this information is best kept private.
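The session-variable option and the "only show the editing script to permitted users" advice can share one server-side check. The sketch below is an added example, not code shipped with the AdminimizerToolbar. It assumes your own login page sets Session("CanEdit") = True after authenticating an editor; the include name editguard.asp, the session key and the function names are hypothetical.

```asp
<%
' ===== editguard.asp : hypothetical shared include =====
' Returns True only when the login page stored a real Boolean True in the
' session. A missing key, a string, or any other type is treated as
' "not an editor", so the check fails closed.
Function EditorIsAuthorized()
    EditorIsAuthorized = False
    If VarType(Session("CanEdit")) = vbBoolean Then
        EditorIsAuthorized = Session("CanEdit")
    End If
End Function

' Stops the request before any save logic runs.
Sub RequireEditor()
    If Not EditorIsAuthorized() Then
        Response.Status = "403 Forbidden"
        Response.Write "Forbidden"
        Response.End
    End If
End Sub
%>

<%' ===== top of the page named in TargetPage (renamed from saver.asp) ===== %>
<!-- #include file="editguard.asp" -->
<%
' The guard must run before the page reads or writes anything.
Call RequireEditor()
' The toolbar's existing save code follows, unchanged.
%>

<%' ===== every content page that carries the toolbar ===== %>
<!-- #include file="editguard.asp" -->
<% If EditorIsAuthorized() Then %>
    <!-- PLACEHOLDER: the toolbar's script and settings-file references,
         exactly as the toolbar documentation gives them -->
<% End If %>
```

Anonymous visitors then receive pages with no reference to the settings file or the TargetPage, and a direct request to the TargetPage is refused before the save code runs.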



Copyright © 1999, 2000, 2008 Ciceron, Inc. All rights reserved