View Full Version : admin directory


Reech
24th of February 2007 (Sat), 18:54
Team, I have installed 1.5 RC4 and was using the ../input directory to get to my admin logon page. I have upgraded to 2.0 and during the post processing it tells you to rename the ADMIN folder to the name of your old folder......
"step 7 Rename admin folder to what you set $s_admin_path to." So I renamed admin to input. So far all is OK. Now I have upgraded to 2.02 and the instructions tell you to upload/replace ALL files. So now I have an admin folder and also an input folder. They appear to have similar files and both will bring up an admin login page. Are both of these needed? I am wondering after the upgrade if I should be using the latest ADMIN directory or my original input directory. My input directory has a backup folder and under there a few ee_? backup directories that do not exist under the latest uploaded admin directory.
Please let me know if you merged the two directories or used one or the other.
Thank You,
Rich

rlkingston
25th of February 2007 (Sun), 00:27
I'm no expert, but I believe the idea of making you rename the admin folder and point to it using $s_admin_path is to increase security. So you should not tell us what your admin folder is called in a public forum, and you should give it some unique name, known only to you. The 2.02 admin upgrade files you should copy to the folder pointed to by $s_admin_path ... (whatever it's named). That's the only place EE will look for them. There should be no folder named "admin" on your server at the end of the upgrade. That's my understanding. Cheers, Rich.

wkitty42
25th of February 2007 (Sun), 23:20
you are exactly right, rich... it is for higher security and there should not be a folder named admin after all is said and done...

Reech
26th of February 2007 (Mon), 17:19
Team, thanks for the responses, but I have one observation: The .../basecode directory that contains the SETUP_settings.php or similar file. In this file is the connection data and ADMIN path variable. So, someone can just get into this KNOWN directory and from there can see your ADMIN directory by examining the SETUP* file. So, my question is: after upgrading, are we supposed to remove the ../basecode directory or just the setup file that contains this information?

Sorry for the posting if this has been covered before.....But I have gone back through the install threads and I did not see any reference to post processing steps after install/upgrading that mention removing this directory or files in it.

Thanks again,
Rich

wkitty42
2nd of March 2007 (Fri), 14:52
no, basecode stays there... if you just go to http://yourdomain/basecode you get a directory denied page... if you go to http://yourdomain/basecode/SETUP_settings.php, you get a blank page... additionally, there's nothing in the source for that page... somehow, i don't see the supposed danger you speak of...

Reech
2nd of March 2007 (Fri), 20:14
Wkitty42, thanks for the response. I was just explaining that if we are to change the admin directory name....to keep it secure....if someone gains access to your files...then the admin path is in clear text in the SETUP_settings.php. I guess I just need to know what the team means by security risk of getting to the admin directory....or is it just the fact that it displays a login page...which is password protected anyway.

Is that the risk.....? The fact that it displays a login page?

Thanks,
Rich

wkitty42
10th of March 2007 (Sat), 20:30
that is one thing... if anyone can get to a login page, they can beat on it with a dictionary attack and see if they are successful at gaining access... once there, they can do anything that is offered... it is also possible that they may find a hole and be able to perform more dramatic stuff... in eE, there's access to an editor that may be able to open web files that they could edit and save... the main thing is that one should use a directory name that isn't easily guessable as well as using long(er) hard to guess passwords...
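
The end state described in the replies (upgrade files copied into the folder that $s_admin_path points to, no folder named "admin" left on the server) can be checked after an upgrade with a short script. This is an added example, not part of the original thread or of the software it discusses; the function names, the web-root argument and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from the software it discusses.
# audit_admin_dir WEBROOT NAME  (NAME = the folder name $s_admin_path is set to)
# Returns 0 = clean, 1 = a folder named "admin" is still present, 2 = NAME missing.
audit_admin_dir() {
    stock="$1/admin"
    renamed="$1/$2"
    if [ ! -d "$renamed" ]; then
        echo "MISSING: $renamed does not exist"
        return 2
    fi
    if [ "$2" = "admin" ]; then
        echo "DEFAULT: the admin folder was never renamed"
        return 1
    fi
    if [ ! -d "$stock" ]; then
        echo "OK: no folder named admin under $1"
        return 0
    fi
    echo "LEFTOVER: $stock exists alongside $renamed"
    # diff -rq reports files that differ and entries present on one side only.
    LC_ALL=C diff -rq "$stock" "$renamed" | while IFS= read -r line; do
        case $line in
            "Only in $stock:"*|"Only in $stock/"*)
                echo "  new in upgrade, copy across: $line" ;;
            "Only in $renamed:"*|"Only in $renamed/"*)
                echo "  only in renamed folder, keep: $line" ;;
            *)
                echo "  differs, take the upgrade copy: $line" ;;
        esac
    done
    return 1
}

# Constructed sample tree: a fresh admin/ uploaded next to the renamed folder.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/admin" "$t/input/backup"
    echo "2.02" > "$t/admin/login.php"
    echo "2.0" > "$t/input/login.php"
    echo "new" > "$t/admin/added.php"
    echo "dump" > "$t/input/backup/old.sql"
    echo "$t"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(make_demo_tree)
    audit_admin_dir "$tree" input || true
    rm -rf "$tree"
fi
```

Run it with `--demo` to see the report for the constructed tree, or source it and call `audit_admin_dir` with your own web root and folder name.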