Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Changing the admin folder name


track5

Recommended Posts

apologies if this is a really dumb question but I can't find any related posts...

 

I've just installed osCommerce and realise I need to change my admin folder name. I've done this by simply changing the directory name through my ftp client and can load up the default page in the renamed location but all the links point back to the original admin directory which of course no longer exists...

 

Have I gone around things the wrong way or what can I do to correct this?

 

many thanks in advance.

Link to comment
Share on other sites

apologies if this is a really dumb question but I can't find any related posts...

 

I've just installed osCommerce and realise I need to change my admin folder name. I've done this by simply changing the directory name through my ftp client and can load up the default page in the renamed location but all the links point back to the original admin directory which of course no longer exists... 

 

Have I gone around things the wrong way or what can I do to correct this?

 

many thanks in advance.

Take a look at your catalog/admin/includes/configure.php file and see if it says "admin" in the path on these lines:

 

define('DIR_WS_ADMIN', '/PATH/admin/'); // absolute path required

 

define('DIR_FS_ADMIN', /PATH/admin/'); // absolute pate required

 

If so, change "admin" to the correct name.

Link to comment
Share on other sites

...I've just installed osCommerce and realise I need to change my admin folder name....

Why do you _need_ to change the admin directory name ?

 

Do you think this will increase security at all ? You are very badly mistaken if you think so.

 

Trying to hide the admin directory by changing its name is false (not even tissue-thin) security - your system should be set up such that the client needs authorisation to get access to it, authorisation that only you will have, of course.

 

Rich.

Link to comment
Share on other sites

Why do you _need_ to change the admin directory name ?

 

Do you think this will increase security at all ? You are very badly mistaken if you think so.

 

Trying to hide the admin directory by changing its name is false (not even tissue-thin) security - your system should be set up such that the client needs authorisation to get access to it, authorisation that only you will have, of course.

 

Rich.

I think I would rename it only because if you don't, it is too easy to find. If I rename it, is it still easy to find? If so, how? I don't want to have a false sense of security......

Link to comment
Share on other sites

Why do you _need_ to change the admin directory name ?

 

Do you think this will increase security at all ? You are very badly mistaken if you think so.

 

Trying to hide the admin directory by changing its name is false (not even tissue-thin) security - your system should be set up such that the client needs authorisation to get access to it, authorisation that only you will have, of course.

 

Rich.

 

While you still need to password protect your admin no matter what you name it renaming the folder is a good idea. If people do not even know what the address to your admin is then you are much better off. It is only one layer but a good one.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

Link to comment
Share on other sites

While you still need to password protect your admin no matter what you name it renaming the folder is a good idea. If people do not even know what the address to your admin is then you are much better off. It is only one layer but a good one.

What you say might hold some truth if you leave the admin directory inside the catalog directory (I must admit that I forgot this was the default case).

 

However, if you move the admin directory _outside_ of the catalog directory (where it ought to be anyway, really), then it is much easier to protect and it won't matter a jot what you call it.

 

To highlight : If the only public access to your OSC installation in www.example.com/, so www.example.com/index.php will bring up the front page of your shop (ie - NOT www.example.com/catalog/index.php), then no one is going to be able to get to the admin directory, regardless of what you call it if it is not inside the catalog directory tree.

 

And, of course, once the admin directory is moved out of the way, you can very easily protect it using SSL client certs, basic password auth, wild rabid dogs, and plague carrying rats, etc.

 

Rich.

Link to comment
Share on other sites

What you say might hold some truth if you leave the admin directory inside the catalog directory (I must admit that I forgot this was the default case).

 

However, if you move the admin directory _outside_ of the catalog directory (where it ought to be anyway, really), then it is much easier to protect and it won't matter a jot what you call it.

 

To highlight : If the only public access to your OSC installation in www.example.com/, so www.example.com/index.php will bring up the front page of your shop (ie - NOT www.example.com/catalog/index.php), then no one is going to be able to get to the admin directory, regardless of what you call it if it is not inside the catalog directory tree.

 

And, of course, once the admin directory is moved out of the way, you can very easily protect it using SSL client certs, basic password auth, wild rabid dogs, and plague carrying rats, etc.

 

Rich.

 

So if you could translate for a newb I would be greatful. Right now my renamed admin folder is still under the catalog directory, but it is password protected with my domain control panel. Is there a better way to do this for more security? You mentioned moving the admin folder? What does this do and where would you suggest it be moved to. Can it be in the private directory or does it still have to be under the public html directory

Link to comment
Share on other sites

So if you could translate for a newb I would be greatful.  Right now my renamed admin folder is still under the catalog directory, but it is password protected with my domain control panel.  Is there a better way to do this for more security?  You mentioned moving the admin folder?  What does this do and where would you suggest it be moved to.  Can it be in the private directory or does it still have to be under the public html directory

If you look at this thread, you will find a discussion about moving the configure.php file to somewhere outside the htdocs tree, but it touched on your problems too and you may find it useful...

 

http://www.oscommerce.com/forums/index.php?showtopic=128078

 

Basically, you change the file structure from this....

 

htdocs

|---catalog

| |---admin

 

...to this...

 

htdocs

|---catalog

|---admin

 

All you need to do to make this work is jiggle the paths a bit in the admin includes/configure.php file. There really isn't much to it.

 

If you use apache's <DocumentRoot> directive (see above thread), you can set it up so that you public shop is rooted at htdocs/catalog/catalog rather than htdocs/. This is better for two main reasons and is explained in the above thread also.

 

Rich.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...