Admin folder security

[RyanSmith]

Hi,

 

I was just wondering what the best way to secure the admin folder is. I figure that i can just place a simple gate on the front, but does anyone have a better idea for securing the admin. Also is there any good contributions out there that secure the admin.

 

Thanks

[Sincraft]

I have a question on this also..

 

I am currently trying using Cpanel to secure this. I don't think I am doing it correctly however. I am also unable to log into this folder via the web using my hosting password/user or the ones I have assigned to my DB (thinking it would replicate during setup).

 

S

[JB04]

Ryan, you can use .htaccess if you're web host supports them, normally they are setup through cpanel or wherever you sign in,

as for sincraft's question it sounds like you too have to setup a password and username through cpanel or wherever you login to control your website, these are not setup through oscommerce configuration, they are through fantastico if you setup osc through that but you have to do it manually, they are not normally your main hosting password/uname either because these are done on an individual basis per folder.

[Sincraft]

Thanks for the input. However I am a bit confused with CPanels interface. It shows LOCK on the admin folder. When I go in there, it is checked and I have written in the field NO ACCESS. Is that my password?

 

Do I need to create an account below?

 

Are you familiar with Cpanel and know what I mean? Not sure if I am explaining things correctly.

 

Thanks!

 

S

[RyanSmith]

Ryan, you can use .htaccess if you're web host supports them, normally they are setup through cpanel or wherever you sign in,

as for sincraft's question it sounds like you too have to setup a password and username through cpanel or wherever you login to control your website, these are not setup through oscommerce configuration, they are through fantastico if you setup osc through that but you have to do it manually, they are not normally your main hosting password/uname either because these are done on an individual basis per folder.

<{POST_SNAPBACK}>

 

Thanks for you reply,

 

I'm using IIS as my SSL server and Apache as my non-SSL server. This is strange, but it's how I have to do it on my dev machine. Our live server will be running only off of IIS, and I think that htaccess files are for Apache. I'm mostly looking for a best practices of how to lock down the admin, and what other peoplel have done to accomplish this.

 

Thanks again

[JB04]

When I go in there, it is checked and I have written in the field NO ACCESS.  Is that my password?

 

Do I need to create an account below?

 

<{POST_SNAPBACK}>

 

In my cpanel which is hosted on linux os it's default is, create username/password at bottom and setup protection folder display name at top, you have to do both, make user/password and setup htaccess aswell,

I suggest looking on your webhosts website because they provide instructions 4 u.

[JB04]

I'm mostly looking for a best practices of how to lock down the admin

<{POST_SNAPBACK}>

 

You will have to use a password & username on the admin folder, through IIS, It's quite simple through iis really, go to authentication I think, I dont use it.

[Guest]

I have added a password for the admin directory, however, going thru the checkout process from the catalog it ask for login and when you click cancel it will not display some of the graphics....Can someone let me know which files I need to change and which image directories to move so it does not try to access the admin going thru the checkout process..

 

Thanks