Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

admin directory Not Protected


jvalal

Recommended Posts

Hi,

 

I am a newbie to OScommerce and was toying around with it today. It seems that anyone can get to my directory with no login just by typing admin after my catalog http directory. How and why does this happen. How can I prevent that from happening?

Link to comment
Share on other sites

There are a few ways to protect it. The easiest way is to use an .htaccess file but this only works for non-Windows servers. You can read about how to do it here.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

There are a few ways to protect it. The easiest way is to use an .htaccess file but this only works for non-Windows servers.  You can read about how to do it here.

 

Jack

 

That's it really? It seems to me that ir shouldn't be that easy to get to my admin tool and this would have been a key focus of oS commerce, as someone can easiy hose your hole store..

Link to comment
Share on other sites

Hi,

 

I am a newbie to OScommerce and was toying around with it today.  It seems that anyone can get to my directory with no login just by typing admin after my catalog http directory.  How and why does this happen.  How can I prevent that from happening?

When you are more comfortable with the file system, change the name of the admin folder and add UN and PW protection. For now, UN and PW protection are a must.

Link to comment
Share on other sites

That's it really?  It seems to me that ir shouldn't be that easy to get to my admin tool and this would have been a key focus of oS commerce, as someone can easiy hose your hole store..

That's all you need. the .htaccess method won't work with all server types so it would not do to include it in the install. Plus, oyu would still have to generate your own file else everyone would know your password. There is a way to provide protection using code that you add but since many hosts provide a method of protection, that would be a waste of bandwidth. So the responsibility falls on the user to add the protection.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...