
[SOLVED] Security question regarding installation script



I'm creating a PHP application for a friend and am providing an installation script (I might publicly release this application later, which is why I'm concerned about security).

The application has an admin section. I was thinking of allowing the user to name where all of the admin files are stored instead of in a typical "admin" folder, and store what this folder is called in the configuration file.

I know this isn't going to really deter hackers, but any steps to make it a little trickier might help.

So my questions are:

a) Would this be a pointless step? Should I just use a pre-defined folder?

b) If I do use this step, where should I store the folder name so that I can access it throughout the script? I was thinking in the configuration file since it's located above the directory.

c) Does anyone have any additional security suggestions I should use?

I think I have most measures covered: all user input is sanitized and a whitelist is used, but I haven't figured out a way to deal with session fixation.

 

That step might add a little security, but I doubt it would affect the overall security, if at all. Try to build a secure login system, and establish correct permissions on the folder. Should be good enough. You could even try a double login with user-selected questions/answers.
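
An added example, not part of the original thread: one common way to handle the session fixation concern raised in the first post, by refusing session IDs the server did not issue and rotating the ID at login. It assumes PHP 7.3 or later served over HTTPS; the function names and the `$storedHash` parameter are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Assumes PHP 7.3+ and HTTPS. $storedHash is a hypothetical
// password_hash() value loaded from the application's own user store.

function start_secure_session(): void
{
    // Refuse session IDs that PHP did not generate itself (attacker-chosen IDs).
    ini_set('session.use_strict_mode', '1');
    // Take the session ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $username, string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // Core fixation defence: issue a new ID at the privilege change and
    // delete the old session, so an ID planted before login becomes useless.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    return true;
}

function logout(): void
{
    // Clear the data, expire the cookie, then destroy the server-side session.
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'],
    ]);
    session_destroy();
}
```

Call `start_secure_session()` before any output on every request, and `login()` only from the script that processes the login form.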
