Security Concerns and How to Fix Them?


rodmc

Posted

I now have a working store at www.mydomain.com/store. It is set up using the default install of osCommerce, and as part of this my login name and passwords are contained within various files. This, and the fact that the site does not currently use any encryption, worries me. In the case of the latter I am thinking of using SSL and buying a certificate. However, it should be noted the site does not store any credit card details.

In addition to the above issues, a number of people have told me it is possible for people to look into the folders on the site and retrieve the content of the PHP files, thus making the site wide open.

Anyway, as I am new to osCommerce and PHP, I would be grateful if people could provide me with a list of known issues and, if possible, how to solve them.

Any help is much appreciated.

Thanks in advance,

rod

Posted

Go to downloads at www.oscommerce.com and download the updated MS2, which contains both a complete file set plus an HTML file which allows you to apply the updates manually.

If you apply Password Protection using your web hosting control panel then the .htgroup and .htpasswd files should be stored outside of the web root, and on a properly set up web server the .htaccess file would be a hidden file.

Again, on a properly set up server no one should be able to access any PHP files directly other than as someone visiting your website. If anyone can go to your site and view your includes/configure.php file then this would only happen because the server is not set up properly.

Vger

Posted
The most important file is config.php, which is in both catalog and admin.

So rename those files and modify the equivalent constant values with the new file names.

Also set permissions so that a user cannot read these files.
Satish
Archived

This topic is now archived and is closed to further replies.
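
An added example, not part of any post above and not osCommerce code: a shell function that checks a store directory for the two conditions raised in the replies, password files (.htpasswd, .htgroup) sitting inside the web root and configure.php files whose permissions are too open. It assumes the default layout with includes/configure.php and admin/includes/configure.php; the function name `audit_store` and the output labels are made up for this example.

```shell
#!/bin/sh
# Added example (not osCommerce code). Usage: audit_store /path/to/webroot/store
# Prints one line per finding and returns 1 if anything was found, 0 otherwise.
audit_store() {
    root=$1
    bad=0

    # Assumed default layout: catalog and admin each keep their own configure.php.
    for cfg in "$root/includes/configure.php" "$root/admin/includes/configure.php"; do
        [ -f "$cfg" ] || continue
        # Any write bit means the credentials file can be altered after install.
        if [ -n "$(find "$cfg" \( -perm -200 -o -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $cfg"
            bad=1
        fi
        # Read bit for "other" exposes the database password to every local account.
        if [ -n "$(find "$cfg" -perm -004)" ]; then
            echo "WORLD-READABLE $cfg"
            bad=1
        fi
    done

    # Password files created by directory protection belong outside the web root.
    exposed=$(find "$root" -type f \( -name .htpasswd -o -name .htgroup \))
    if [ -n "$exposed" ]; then
        echo "$exposed" | sed 's/^/IN-WEBROOT /'
        bad=1
    fi
    return "$bad"
}
```

On hosts where PHP runs under a different account than the file owner, the web server may need the "other" read bit, so treat a WORLD-READABLE line as something to review with the host rather than an automatic failure.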