urbancubed
Posted January 12, 2006

Hello... I was wondering if someone could direct me with securing my site. For example, I understand that it is a good idea to change the 'admin' directory name. If I change it in FTP, then would I have to change any paths within any files? What else do you guys recommend to secure a site? I would appreciate your feedback. :)

TheMJ
Posted January 12, 2006

From what I've seen, osCommerce is inherently secure. It won't allow HTML comments (XSS). It doesn't execute arbitrary code. (Enter Date: June 3rd 1991; rm -rf *)

The reason you would want to rename the admin dir is so that it would not be as vulnerable to password cracking (brute force, wordlist, dictionary). The more important thing there is to choose long, hard-to-guess passwords.

The only other thing I can think of ATM is to never change the file extension of a PHP page. For example: you add a "master password" to login.php so that you can change the password of customers on request. You back it up to login.php.bak. Now, anyone who types login.php.bak into their browser will be prompted to download the source code of your login page, master password and all.
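
An added example, not part of the original thread or of osCommerce: a site owner's check that walks a web root and lists leftover copies such as login.php.bak, which the server would serve as plain text instead of running through PHP. The function names, the suffix list and the set of PHP extensions are assumptions to adjust to your own server, and the sample files are constructed.

```python
import os
import tempfile

# Assumption: extensions your server hands to the PHP interpreter.
PHP_EXTS = (".php", ".php5", ".phtml")
# Illustrative, non-exhaustive suffixes that editors and manual backups leave behind.
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", ".txt", "~")


def is_exposed_php_copy(filename):
    """True for a PHP name plus backup suffix(es); a name still ending in .php is executed."""
    name, stripped = filename.lower(), False
    while name.endswith(BACKUP_SUFFIXES):
        suffix = next(s for s in BACKUP_SUFFIXES if name.endswith(s))
        name, stripped = name[: -len(suffix)], True
    return stripped and name.endswith(PHP_EXTS)


def find_exposed_copies(docroot):
    """Return sorted (relative_path, contains_php_source) pairs found under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for fname in filter(is_exposed_php_copy, files):
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                has_source = b"<?php" in fh.read(65536)
            rel = os.path.relpath(full, docroot).replace(os.sep, "/")
            findings.append((rel, has_source))
    return sorted(findings)


def demo():
    """Scan a constructed docroot that mirrors the post's login.php.bak scenario."""
    samples = {  # constructed sample files, not taken from any real site
        "login.php": "<?php /* live page, executed by PHP */ ?>",
        "login.php.bak": "<?php $master_password = 'PLACEHOLDER'; ?>",
        "admin/configure.php~": "<?php /* editor backup */ ?>",
        "readme.txt": "plain text, not a copy of a PHP file",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "admin"))
        for rel, body in samples.items():
            with open(os.path.join(root, *rel.split("/")), "w") as fh:
                fh.write(body)
        return find_exposed_copies(root)


if __name__ == "__main__":
    for path, has_source in demo():
        print(f"{path}\tcontains PHP source: {has_source}")
```

Point `find_exposed_copies` at the real document root to audit a live install; anything it reports should be moved outside the web root or deleted.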
Archived
This topic is now archived and is closed to further replies.