R08 Posted July 31, 2005 Share Posted July 31, 2005 Hi Guys, I've been customizing my site on my Windows machine using Apache and am coming near to the time when I'll want to get it online. At the moment I can just type "http://localhost/admin/" into my address bar to access the admin module (I have the store in my server's root directory). Is this going to happen when I put the site online? If so that would obviously be very bad, don't want Joe Public poking around deleting orders and so on... How do I go about locking down this directory so only I and my partner can access it? I.e. with a password or whatever?.. I'm sure this is a dumb noob question but searching for 'secure admin' produces nothing of any use on the forum. Any help with this one would be greatly appreciated. Cheers, Rob. Link to comment Share on other sites More sharing options...
Guest Posted July 31, 2005 Share Posted July 31, 2005 it all depends upon the server you are adding this to. most hosts have a cpanel/vdeck to password protect the directories. Link to comment Share on other sites More sharing options...
WisTex Posted August 1, 2005 Share Posted August 1, 2005 osCommerce for some reason does not provide any security for the admin. I am not sure why, since it can actually be done. You have to secure the admin via the server. In Apache, I believe you need to edit the .htaccess file and limit who can read that directory, and in IIS you need to set permissions on the admin folder so that anonymous users cannot read the folder. Or, if your webhost has a control panel, like Mibble said, you can secure it that way, which is usually just a fancy and easy-to-use front end for editing .htaccess or Windows permissions. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.