Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

admin directory Not Protected


jvalal

Recommended Posts

Posted

Hi,

 

I am a newbie to OScommerce and was toying around with it today. It seems that anyone can get to my directory with no login just by typing admin after my catalog http directory. How and why does this happen. How can I prevent that from happening?

Posted
There are a few ways to protect it. The easiest way is to use an .htaccess file but this only works for non-Windows servers.  You can read about how to do it here.

 

Jack

 

That's it really? It seems to me that ir shouldn't be that easy to get to my admin tool and this would have been a key focus of oS commerce, as someone can easiy hose your hole store..

Posted
Hi,

 

I am a newbie to OScommerce and was toying around with it today.  It seems that anyone can get to my directory with no login just by typing admin after my catalog http directory.  How and why does this happen.  How can I prevent that from happening?

When you are more comfortable with the file system, change the name of the admin folder and add UN and PW protection. For now, UN and PW protection are a must.

Posted
That's it really?  It seems to me that ir shouldn't be that easy to get to my admin tool and this would have been a key focus of oS commerce, as someone can easiy hose your hole store..

That's all you need. the .htaccess method won't work with all server types so it would not do to include it in the install. Plus, oyu would still have to generate your own file else everyone would know your password. There is a way to provide protection using code that you add but since many hosts provide a method of protection, that would be a waste of bandwidth. So the responsibility falls on the user to add the protection.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Posted

I too am new here and was fighting that battle today. I found an htaccess generator that works great. You need to remember that the path to the htpasswd file is the server path not the url path. Other than that it is a piece of cake.

 

Here is the link

 

Marc

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...