Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Securing the Administration Tool


samdel17

Recommended Posts

Posted

Hi!

 

I've just installed oscommerce application on one of my client's web server and I've noticed this one from the default hompage:

 

========================

Securing The Administration Tool

It is important to secure the Administration Tool as there is currently no security implementation available.

========================

 

I've noticed that the application was installedin the following path http://www.<myclients_website>.com/oscommerce/catalog/

 

and the admin can be found by simply adding that "admin" folder such as the following

http://www.<myclients_website>.com/oscommerce/catalog/

 

2 questions, is there anyway I can rename that "oscommerce" folder directory as I don't feel its a good idea to tell the wholeworld I'm using oscommerce*laughs*. I've noticed that some oscommerce website has no "oscommerce" folder instead their path is http://www.<myclients_website>.com/catalog/ or http://www.<myclients_website>.com/storefron/catalog/ how do I do that?

 

Secondly, how do I secure the "administration" tool as I noticed that any users can just access my admin page by simply adding "/admin" to http://www.<myclients_website>.com/oscommerce/catalog/.

 

Any help will be appreciated.

 

Thanks!

Sam

Posted

I have same issue as you this, I have searched this forum but cant find any results, if you find out how to solve the issues you mentioned then please let me know

Posted
Both of your questions have been answered multiple times. You will find plenty of information:

 

http://www.google.com/search?hl=en&q=renam...G=Google+Search

http://www.google.com/search?hl=en&lr=&q=p...com&btnG=Search

 

You can request clarification if you don't understand.

 

 

 

I have managed to sort change the names of the folders etc, I am testing OScommerce on my local host and I want to protect the admin folder and all the other folders, the above reply just tell you to protect your folders via your host, how can i protect all the folders that dont need to be seen. Also what are all these htt.access files. if they are to protect your folders then why dont they work. Thanks

Posted

If you want to protect your folders because you are on a shared computer, search your Windows help for password.

Other than that, your firewall should protect you from hacking.

Posted

the .htaccess work great, but they are not for your local system. When you veiw any folder with your web browser on a web server, the .htaccess files work flawlessly.

My Contributions

 

Henry Smith

Posted

Be aware that .htaccess doesn't work on Windows servers. You'll need to use the Password or Directory Protection feature in your web hosting control panel for Password Protection on Windows.

 

Vger

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...