Lock the panel by default?

mauricehh · January 23, 2019, 2:31pm

Hey there,

I was just thinking about the panel in K3. If I install Kirby3 it always comes with the panel, right? What if I do not use the panel and write all my content directly into my markdown.

In this case I may not think about the panel, deploy my site and be happy. But what could happen now is, that somebody opens mysite.tld/panel. The install-procedure will start, the visitor can now setup an account and has access to my site. This access might be very limited because there won’t be any specialized blueprints, but she/he has access.

Wouldn’t it be good to lock the panel by default and init the setup by a config-var or something like that?

texnixe · January 23, 2019, 2:35pm

Installing the Panel on a remote server is not possible without an explicit config setting.
You can completely disable the Panel and the API in your config; without these, the Panel (just a bunch of JS/CSS files), can’t do anything
You can even delete the Panel folder completely, I that’s what you prefer, but it’s not necessary from a security perspective with the config options set as above.

mauricehh · January 23, 2019, 2:43pm

Thank you! I wasn’t aware of that, it just came into my mind after working locally with it.

Topic		Replies	Views
Panel not hidden on remote host	3	181	February 22, 2023
Locked out of panel after SSL addition Solved ✅	5	385	November 12, 2019
Do you use the panel or not? e.g. in your personal websites Solved ✅	6	1108	December 3, 2016
Panel cannot be installed / Panel LogIn is not provided (ftp-server) Solved ✅ panel	5	654	December 20, 2021
Securing the panel - good or bad practice? Solved ✅	10	2534	October 17, 2015

Lock the panel by default?

Related topics