Why Enforcing Security by Obscurity?

[Dayo]

So the new 1.3.9g will not let me administer my site until I rename my admin folder?

I do not want to rename my admin folder and have it locked down so that no one can access it without knowing two separate passwords.

This is what security is and while I can understand people might want to hide it, I have no need for this and Zencart should not be enforcing this sort of "security"

So can one of the admins kindly point me to where the check is done so I can disable it as to repeat, I have no need for this and do not want to practice this.

Thanks.

[kobra]

I do not want to rename my admin folder and have it locked down so that no one can access it without knowing two separate passwords.

That is NOT what this does - - - it only uses a re-named folder for your admin so that instead of accessing with

http: //yourdomain.com/admin

It will be

http: //yourdomain.com/new_name

NO DOUBLE PASSWORDS required

[Dayo]

That is NOT what this does - - - it only uses a re-named folder for your admin so that instead of accessing with

http: //yourdomain.com/admin

It will be

http: //yourdomain.com/new_name

NO DOUBLE PASSWORDS required

Thanks for the response.

I understand do what it does. It wants me to change the name of my admin folder so that would be hackers would not know where it is and thus be unable to hack me.

What I am saying is that my admin folder is secure thanks and I have no need or wish to rename it and also do not think zencart should be forcing that sort of "security" down my throat in the first place.

This is not real security as you well know and the real security is to address the issue that they exploit as with simply renaming, if by fluke they stumble upon the name (I bet a lot of people will just add one letter to the beginning or end) then we are back at Square 1 ... again as you well know.

In any case, I have located where the check is done and disabled it.

Thanks again for the response.