EllisD25 Posted February 17, 2005 Share Posted February 17, 2005 Searched the forum, but I'm not sure what I'm really looking for. When I go to www.domainname.com/catalog/admin from any computer, I'm able to get the administration tool and make changes, without entering any password. What can I do to protect this from the public? If I "password protect" the admin directory on my server, will that work, or will it make necessary files unavailable to users? hope someone knows this - thanks for your help! Link to comment Share on other sites More sharing options...
tommy11011 Posted February 17, 2005 Share Posted February 17, 2005 Searched the forum, but I'm not sure what I'm really looking for.? When I go to www.domainname.com/catalog/admin from any computer, I'm able to get the administration tool and make changes, without entering any password. What can I do to protect this from the public? If I "password protect" the admin directory on my server, will that work, or will it make necessary files unavailable to users? hope someone knows this - thanks for your help! <{POST_SNAPBACK}> I'm new to oscommerce myself, but here is what I did. I removed the admin folder completely from the store. If you do this, you will need to edit 2 files, both called configure.php located at /catalog/includes and /admin/includes Also, as you mentioned, I added entries to the default .htaccess files to make it password protected. As far as I can tell, the admin directory could be completely removed from your domain name and placed into another domain name as long as the database stuff is correct inside the configure.php file. Link to comment Share on other sites More sharing options...
ArtRat Posted February 17, 2005 Share Posted February 17, 2005 move the folder as stated above. rename the folder (admin is a very easy folder to guess- if you just move it to say mydomain.com/admin - how easy would that be to type in?) RENAME IT to something not easy to discover. make sure you edit the (both) configure.php's to reflect this move/change Then in your website admin control panel-- password protect that directory. there are some contributions that also add further protection out there. search osCommerce contributions. google for "password protecting directories" if you don't know how. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.