Ask HN: How do you implement site Admin?
I have been making a list of things I would, as Administrator of a web-app, want to manage and control from a single secure interface. The list is getting quite long and includes the following:
* Approving comments, users, new content etc
* browsing the phpdoc or javadoc for the app
* view stats (basic awstats)
* "Contact Form" submissions that need responses
* Advertising A/B test results, notes, figures, values etc
* viewing user accounts for billing/overdue
* process payment refunds
* give users a freebie such as 30 days free
* Make text notes about setups, configurations, relevant urls, server IPs etc.
Has anyone here just used a mediawiki install at https://admin.yourdomain.com and put everything in there? Is this secure?
P.S. I am thinking of something much more than simply a performance dashboard.
5 comments
[ 3.9 ms ] story [ 17.8 ms ] threadThings typically get promoted to my admin panels after I get sick of doing them manually on another site (e.g. log into Paypal for refunds or parse-and-crunch a CSV repeatedly).
I keep all my notes either in paper or Dropbox. If I had a team, I'd have a wiki running on a physically separate machine. (Putting software with that sort of risk profile on a machine with production data scares me.)
When you say auth access, do you mean a .htaccess password over SSL? I had not thought of such a simple solution.
For me the slowest part about implementing most of an app's functionality is making it simple and hand-holding. For admin functionality I only do that when it's really helpful, the rest of the time it's barebones, which means it's fast to do.
Security wise I highly recommend putting all the admin functionality on a VPN/tunneled-only accessible URL/IP/Server with appropriate IP ACLs. This prevents a lot of the most common types of security mistakes from becoming big problems.