I'm building web app without users and I want to create a back office for admin to edit something on the site. I thought to add a route that isn't accessible from any place in the app and only admin has it and there he can login. Is there any acceptable practice?
Thanks
I think this is not best practice, as this is just hiding without proper protection (known as Security through obscurity). A lot of things can go wrong with this approche, like the URL get indexed on Google by mistake. For this reason it would be better to use a admin user with a proper password.