Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How to secure Admin part?


mian_saif

Recommended Posts

Hi guys,

 

Today i've successfully installed osCommerce on my machine for testing. I am surprised that apparently there is no mechanism to secure the Admin part of it. No password is required to access this part.

 

Dont you guys think it is really volunerable? Is there any method to secure it??

 

Cheers

Link to comment
Share on other sites

The standard osCommerce has no admin protection.

 

You can protect your admin folder via your "control panel" provided by your host, or use apache .htaccess protection, or use the Access Protection By Levels contribution in the contribution section (see above).

 

HTH

Tom

Link to comment
Share on other sites

You can also intall an admin login contribution that will allow different admins to login. In addition to adding security, it allows different members of organization to log in. I use .htaccess and the contribution.

 

Here is a link to the contribution:

 

http://www.oscommerce.com/community/contributions,1174

 

This is the one I use but there are others you could try.

Link to comment
Share on other sites

you would be better off using both, as the ones in the database can be hacked easier than the htaccess one (as long as you use strong passwords)

Link to comment
Share on other sites

Also it would be even more beneficial to rename your Admin folder. That way they have to find what you've called the folder before they even have chance to crack your password.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...