Ghost Security (same topic as before, but since I can't reply there I create a new one)


#1

Continuing the discussion from Security of Ghost:

  1. What is the strong protection against SQL injection? Does this refer to Bookshelf (the ORM used by the Ghost blog)?

  2. What is meant by no visitor-facing forms? What if they come to the admin login page?

  3. How to hide (or make it harder to guess where it is located) the admin page part, i.e. create a unique URL for admin login. For example ghost.org/chamberofsecret
    I ask because for WordPress, simply adding wp-admin or wp-login will redirect us to the login page.


#2

Anyone?


#3

I can’t tell you exactly where or what yet, because I’m still experimenting in my free time with Ghost. BUT, all you are asking is either in the documentation or, if not implemented, you can do it in the backend.

See if this helps


#4

I think that is not related to what I am asking.
What I am asking is something like,
for example, if we want to log in on WordPress we go to www.mywpsite.com/wp-admin.

So I want to know if Ghost has something like that, maybe www.myghostsite.com/signin.
Can I change the URL to something else like www.myghostsite.com/chamberofsecret? Well, that will make the admin login page hard to guess if I don’t put a link to the admin login page.

I believe SQL injection usually happens at the admin login page.

That’s why I ask about the no visitor-facing forms, because technically if Ghost has a standard URL for the admin login page, that counts as a visitor-facing form, right?

I guess if Mr. @Kevin can answer, that would help me, so that I am more confident about this.


#5
  1. An ORM is one of the things that would help prevent SQL injection. Ghost uses one. They also do things like input validation and sanitization, both in the API and in public-facing forms.

  2. As stated in the original post, the only public form is the subscribe form, and the input fields are sanitized and validated. There are tons of private forms in the admin interface, which you need to be authenticated to access. The admin login form is just a mask for authentication via the Ghost API, since the entire admin interface is a single page application which updates data using said API.

  3. The most you can do is configure the hostname for the admin interface - see. That being said, this is security through obscurity; Ghost has concrete safeguards, like rate limiting, to prevent brute-forcing and whatnot.


#6

@eddie what @vikaspotluri123 has written is spot on.

Simply changing /ghost/ to /myrandomurl/ will not add any security. If you want to completely lock it down, you could restrict access to a specific IP address or add HTTP Basic Auth at the web server level for /ghost/. You could even lock things down with something like Cloudflare Access.

However, bear in mind everything Ghost’s admin does is via Ghost’s authenticated API, which lives at /ghost/api/v0.1/*, so you’ll need to make sure any additional auth you add doesn’t interfere with that.
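One way to apply the web-server-level lockdown described above without breaking the API, as an added example (not from this thread or from Ghost's own documentation): an nginx server block that puts HTTP Basic Auth and an IP allowlist on the admin UI under /ghost/ but leaves /ghost/api/ to Ghost's own authentication. It assumes Ghost is listening on 127.0.0.1:2368, that the htpasswd file lives at /etc/nginx/ghost-admin.htpasswd, and that 203.0.113.10 is the operator's address; all three are placeholders.

```nginx
# Added example, not Ghost's or the thread's own configuration.
# Assumed values: Ghost on 127.0.0.1:2368, htpasswd file path and
# the allowed operator address 203.0.113.10 are all placeholders.
upstream ghost_backend {
    server 127.0.0.1:2368;
}

server {
    listen 443 ssl;
    server_name myghostsite.example;   # placeholder hostname
    # ssl_certificate / ssl_certificate_key omitted for brevity

    # The admin API. Ghost authenticates these requests itself using the
    # Authorization header (Bearer token in v0.1). HTTP Basic Auth also
    # uses the Authorization header, so enabling it here would make nginx
    # reject Ghost's own tokens; keep the extra auth layer off this path.
    location ^~ /ghost/api/ {
        auth_basic off;
        proxy_pass http://ghost_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # The admin single page application. nginx matches the longest ^~
    # prefix, so /ghost/api/... above is never handled by this block.
    # Both controls apply: the request must come from the allowed address
    # AND present valid Basic Auth credentials before Ghost ever sees it.
    location ^~ /ghost/ {
        allow 203.0.113.10;
        deny all;
        auth_basic "Ghost admin";
        auth_basic_user_file /etc/nginx/ghost-admin.htpasswd;
        proxy_pass http://ghost_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Public blog: no extra restrictions.
    location / {
        proxy_pass http://ghost_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After reloading nginx, confirm the split with `curl -I https://myghostsite.example/ghost/` (expect 401 or 403 from nginx) versus `curl -I https://myghostsite.example/ghost/api/v0.1/` (expect a response from Ghost, not an nginx auth challenge).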


#7

Thanks, Mr. @vikaspotluri123, for the explanation. Quite convincing.


#8

I don’t mean to add any additional auth…

Anyway, thanks for the suggestion about restricting access to a certain IP address.

