newclearbomb Posted January 13, 2005 Posted January 13, 2005 how do I Secure the Administration Tool? do I just use .HTACCESS or something or is there a built in password protection I can turn on? I've renamed the 'admin' folder which is a start, but I need to lock down the admin tool. thanks :) James
♥Vger Posted January 13, 2005 Posted January 13, 2005 You have renamed the 'admin' folder, good. Have you also renamed the paths in your admin/includes/configure.php from /admin/ to /newname/ ? Once that is done, go to your web hosting control panel and use the Password Protect feature to protect the 'newname' directory. If your hosting control panel doesn't have this feature (all good ones have it), then there are Contributions (link at top of this page) which can be used to Password Protect the 'admin' area. Vger
newclearbomb Posted January 13, 2005 Author Posted January 13, 2005 yup, updated the paths in the PHP files :thumbsup: the install didn't work 100% on both servers I tried it on so I've edited the 2 configure.php files manually and made sure all the file paths are correct. I'll have a chat with my host, they're very friendly. I'm sure password protecting the directory will be no problem, thanks for your help :) Is there a guide I can follow to modifying the install to suit my needs? I'm quite used to having to RTFM, but I can't obviously see one.....
♥Vger Posted January 13, 2005 Posted January 13, 2005 I think the problems you are having are due to the server you're on. I never have any problem installing osCommerce on our servers - none at all. There is no 'Manual' for osCommerce, but I believe there is a 'loade' version called osC Max which does have a 'Manual' Vger
goodwinj Posted January 13, 2005 Posted January 13, 2005 You have renamed the 'admin' folder, good. Have you also renamed the paths in your admin/includes/configure.php from /admin/ to /newname/ ? Once that is done, go to your web hosting control panel and use the Password Protect feature to protect the 'newname' directory. If your hosting control panel doesn't have this feature (all good ones have it), then there are Contributions (link at top of this page) which can be used to Password Protect the 'admin' area. Vger <{POST_SNAPBACK}> Hi your post was useful to me as a newb but can you tell me where this script is for securing admin - my host does not have a directory password protect feature! Many Thanks John
♥Vger Posted January 14, 2005 Posted January 14, 2005 John - you've quoted my post, but if you read it then it will also tell you where to look for it. Vger
JnJSpdShop Posted January 14, 2005 Posted January 14, 2005 You have renamed the 'admin' folder, good. Have you also renamed the paths in your admin/includes/configure.php from /admin/ to /newname/ ? Once that is done, go to your web hosting control panel and use the Password Protect feature to protect the 'newname' directory. If your hosting control panel doesn't have this feature (all good ones have it), then there are Contributions (link at top of this page) which can be used to Password Protect the 'admin' area. Vger <{POST_SNAPBACK}> I was just wondering if this is necessary? I have password protected my admin directory but I didn't change the name of it, am I risking something by not renaming
newclearbomb Posted January 14, 2005 Author Posted January 14, 2005 I was just wondering if this is necessary? I have password protected my admin directory but I didn't change the name of it, am I risking something by not renaming <{POST_SNAPBACK}> I think it's just the belt and braces approach. You do need to password protect it, but you don't need to rename it. I've renamed mine to give an extra layer of security. It just means that people can't automatically try www.mydomain.com/catalog/admin/index.php and start to try hacking the password. They'd have to guess the new directory name before they can even try entering passwords
♥Vger Posted January 14, 2005 Posted January 14, 2005 It's best to rename it, and to something 'unique' (admin2 won't do it). If you keep it as 'admin' then the hacker will find it straight away, and once their User Name and Password cracking software gets going it could be only a few minutes before they get in. If they don't know the name of the file they're pretty much stuffed. Vger
kevinlippiatt Posted January 14, 2005 Posted January 14, 2005 Hi, You say to rename the paths in the admin/includes/configure.php file - but when i open it up there are no paths with /admin/ in them??? Am I looking at the wrong config file?
JnJSpdShop Posted January 14, 2005 Posted January 14, 2005 I believe they are talking about lines 19 & 20 define('DIR_WS_ADMIN', '/admin/'); // absolute path required define('DIR_FS_ADMIN', '/home/jandjspd/public_html/store/admin/'); // absolute pate required Do I change both these lines? and just change the admin to my "new folder name"
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.