Having the admin screens at
/admin is a reasonable thing to do. Let's update the routes to make that happen by updating the four routes starting with
/posts to start with
Head to http://localhost:8910/admin/posts and our generated scaffold page should come up. Thanks to named routes we don't have to update any of the
<Link>s that were generated by the scaffolds since the
names of the pages didn't change!
Having the admin at a different path is great, but nothing is stopping someone from just browsing to that new path and messing with our blog posts. How do we keep prying eyes/fingers away?