jvalal Posted January 3, 2005 Posted January 3, 2005 Hi, I am a newbie to OScommerce and was toying around with it today. It seems that anyone can get to my directory with no login just by typing admin after my catalog http directory. How and why does this happen. How can I prevent that from happening?
Jack_mcs Posted January 3, 2005 Posted January 3, 2005 There are a few ways to protect it. The easiest way is to use an .htaccess file but this only works for non-Windows servers. You can read about how to do it here. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
jvalal Posted January 3, 2005 Author Posted January 3, 2005 There are a few ways to protect it. The easiest way is to use an .htaccess file but this only works for non-Windows servers. You can read about how to do it here. Jack <{POST_SNAPBACK}> That's it really? It seems to me that ir shouldn't be that easy to get to my admin tool and this would have been a key focus of oS commerce, as someone can easiy hose your hole store..
NextLevelMotoring Posted January 3, 2005 Posted January 3, 2005 Also, most web hosts have some sort of a 'protect directory' feature, that you can use to create password-protected access to different directories (such as admin)
Guest Posted January 3, 2005 Posted January 3, 2005 Hi, I am a newbie to OScommerce and was toying around with it today. It seems that anyone can get to my directory with no login just by typing admin after my catalog http directory. How and why does this happen. How can I prevent that from happening? <{POST_SNAPBACK}> When you are more comfortable with the file system, change the name of the admin folder and add UN and PW protection. For now, UN and PW protection are a must.
Jack_mcs Posted January 4, 2005 Posted January 4, 2005 That's it really? It seems to me that ir shouldn't be that easy to get to my admin tool and this would have been a key focus of oS commerce, as someone can easiy hose your hole store.. <{POST_SNAPBACK}> That's all you need. the .htaccess method won't work with all server types so it would not do to include it in the install. Plus, oyu would still have to generate your own file else everyone would know your password. There is a way to provide protection using code that you add but since many hosts provide a method of protection, that would be a waste of bandwidth. So the responsibility falls on the user to add the protection. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
tat2nu Posted January 4, 2005 Posted January 4, 2005 I too am new here and was fighting that battle today. I found an htaccess generator that works great. You need to remember that the path to the htpasswd file is the server path not the url path. Other than that it is a piece of cake. Here is the link Marc
marcanthony Posted January 4, 2005 Posted January 4, 2005 Do you have Frontpage to edit if so let me know I show you a way to do it
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.