rodmc
Posted March 18, 2006

I now have a working store at www.mydomain.com/store. It is set up using the default install of OSCommerce, and as part of this my login name and passwords are contained within various files. This and the fact that the site does not currently use any encryption worries me. In the case of the latter I am thinking of using SSL and buying a certificate. However, it should be noted the site does not store any credit card details.

In addition to the above issues, a number of people have told me it is possible for people to look into the folders on the site and retrieve the content of the PHP files, thus making the site wide open.

Anyway, as I am new to OSCommerce and PHP I would be grateful if people could provide me with a list of known issues and, if possible, how to solve them.

Any help is much appreciated.

Thanks in advance,

rod

Vger
Posted March 18, 2006

Go to downloads at www.oscommerce.com and download the updated MS2, which contains both a complete file set plus an HTML file which allows you to apply the updates manually.

If you apply Password Protection using your web hosting control panel then the .htgroup and .htpasswd files should be stored outside of the web root, and on a properly set up web server the .htaccess file would be a hidden file.

Again, on a properly set up server no one should be able to access any PHP files directly other than as someone visiting your website. If anyone can go to your site and view your includes/configure.php file then this would only happen because the server is not set up properly.

Vger

satish
Posted March 18, 2006

> I now have a working store at www.mydomain.com/store. It is set up using the default install of OSCommerce, and as part of this my login name and passwords are contained within various files. This and the fact that the site does not currently use any encryption worries me. In the case of the latter I am thinking of using SSL and buying a certificate. However, it should be noted the site does not store any credit card details.
>
> In addition to the above issues, a number of people have told me it is possible for people to look into the folders on the site and retrieve the content of the PHP files, thus making the site wide open.
>
> Anyway, as I am new to OSCommerce and PHP I would be grateful if people could provide me with a list of known issues and, if possible, how to solve them.
>
> Any help is much appreciated.
>
> Thanks in advance,
>
> rod

The most important file is config.php, which is in both catalog and admin. So rename those files and modify the equivalent constant values with the new file names. Also set permissions so that users cannot read these files.

Satish
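
An added example, not part of any post in this thread: a small shell check for the two points the replies raise, namely .htpasswd/.htgroup files sitting inside the web root and configure.php files that are accessible to anyone other than the owner. The function name `audit_store` and the finding labels are made up for this example, and it assumes PHP runs as the file owner so that owner-only permissions such as 600 still let the store work.

```shell
#!/bin/sh
# Added example (not osCommerce's own tooling).
# Usage: audit_store /path/to/store   (the path is whatever your host uses)
# Returns 0 when nothing is found, 1 when findings are printed, 2 on bad input.

audit_store() {
    root=$1
    [ -d "$root" ] || { echo "ERROR: not a directory: $root" >&2; return 2; }

    report=$(
        # Password-protection files should live outside the web root,
        # so any copy found under it is reported.
        find "$root" -type f \( -name .htpasswd -o -name .htgroup \) \
            -exec printf 'AUTH_FILE_IN_WEBROOT %s\n' {} \;

        # configure.php (catalog and admin copies) should not be readable
        # by "other", nor writable by group or other.
        # Assumption: PHP runs as the file owner, so mode 600 or 400 works.
        find "$root" -type f -name configure.php \
            \( -perm -004 -o -perm -002 -o -perm -020 \) \
            -exec printf 'LOOSE_PERMS %s\n' {} \;
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Each LOOSE_PERMS finding can be cleared with `chmod 600` on the file; if PHP on your host runs as a separate web server user, ask the host which mode and ownership to use instead.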
This topic is now archived and is closed to further replies.