sanddragon2004 Posted April 6, 2005 Share Posted April 6, 2005 can some one give me some advice on securing the admin pages? /admin/index.php ??? Link to comment Share on other sites More sharing options...
student Posted April 7, 2005 Share Posted April 7, 2005 I would like to know the answer too. I saw the following warning in the Admin index page: "You are not protected by a secure SSL connection." So I think my question will be how to SSL secure the folders/files under the Admin? Thanks. :rolleyes: Link to comment Share on other sites More sharing options...
Guest Posted April 7, 2005 Share Posted April 7, 2005 can some one give me some advice on securing the admin pages? /admin/index.php ??? <{POST_SNAPBACK}> Use Directory Password Protect feature from your host or search the internet for .htaccess password. Link to comment Share on other sites More sharing options...
perpetual-burn Posted April 7, 2005 Share Posted April 7, 2005 ^ as said above, that will protect your directory. But it's not SSL, SSL is a security cert taht must be purchased. Check geotrust.com or verisign.com for detilails. Link to comment Share on other sites More sharing options...
Guest Posted April 7, 2005 Share Posted April 7, 2005 Also, osCommerce does not give you the option of using SSL for the admin section by default. You'll have to edit the following line in catalog/admin/includes/configure.php define('HTTP_SERVER', 'https://www.amazon.com'); (note the https) Of course, do this only after you have an SSL certificate installed. Link to comment Share on other sites More sharing options...
Guest Posted April 7, 2005 Share Posted April 7, 2005 My shared hosting allows us to password protect directories, but doing so adds a .htaccess file to the directory. Right now mt catalog and admin directories already have ones that apparently do something for SSL and Internet explorer. Should I delete these to make room? Is that safe? Meahwhile, what security measures need to be taken for the configure files? I heard they need to be write protected but any more so than each part of my site? Nobodys should be able to ftp to it without the passwords anyway, right? Link to comment Share on other sites More sharing options...
student Posted April 7, 2005 Share Posted April 7, 2005 I have an SSL certificate installed, so when the customer log on, http:// will change to https:// and my page has the lock symbol. but if I go http://.. /catalog/admin, it stays as http:// with the following warning in the Admin index page: "You are not protected by a secure SSL connection." Only if I use https://../catalog/admin, then see massage saying: "You are protected by a 128-bit secure SSL connection." with the lock symbol. How can I configure the system to use SSL connection to the Admin index page no matter which method (http:// or https://)? Just like how the catalog pages behave. BTW, the suggested adding the S on this line in the catalog/admin/includes/configure.php did not make this happen define('HTTP_SERVER', 'httpS://myip'); Thanks. Link to comment Share on other sites More sharing options...
Geotex Posted April 8, 2005 Share Posted April 8, 2005 can some one give me some advice on securing the admin pages? /admin/index.php ??? <{POST_SNAPBACK}> Here is a contribution that works well for securing the order and customers sections of the Admin panel. Won't load down the server by offering ssl for all the stuff you really don't need it for. http://www.oscommerce.com/community/contributions,2274 GEOTEX from Houston, TX (George) Link to comment Share on other sites More sharing options...
♥Vger Posted April 8, 2005 Share Posted April 8, 2005 If you have a full ssl cert installed then you can completely secure the 'admin' area in this way. In admin/includes/configure.php for http_server and http_catalog_server set them to https://www.yourdomain.com or https://yourdomain.com (whichever way the cert was issued). If your server is modern and a Unix or Linux server then you can also drop this piece of code into the .htaccess file in the admin folder: SSLRequireSSL ErrorDocument 403 https://www.yourdomain.com/admin/ Vger I have an SSL certificate installed, so when the customer log on, http:// will change to https:// and my page has the lock symbol. but if I go http://.. /catalog/admin, it stays as http:// with the following warning in the Admin index page: "You are not protected by a secure SSL connection." Only if I use https://../catalog/admin, then see massage saying: "You are protected by a 128-bit secure SSL connection." with the lock symbol. How can I configure the system to use SSL connection to the Admin index page no matter which method (http:// or https://)? Just like how the catalog pages behave. BTW, the suggested adding the S on this line in the catalog/admin/includes/configure.php did not make this happen define('HTTP_SERVER', 'httpS://myip'); Thanks. <{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.