jcaan Posted June 24, 2006

Hello all,

Please advise. My oscommerce shopping cart is hosted on a Windows server. I have figured out how to disable the frequent message: "Warning: session_write_close(); Your script is possbly running on..... session.php line 226"... by purchasing shared SSL from my hosting company. The message has disappeared.

I have moved my entire shop to the SSL folder, including my admin area. Now my admin says that I am protected by SSL - good sign.

Now here's the problem. I would like to password protect my admin area so I get a popup to enter username and password. So I copied my .htaccess file from the admin directory from my .co.uk domain to the SSL. It has no effect. My hosting company says they have no way of password protecting my admin area. This is a potential problem.

Please help. Is there a work around for this security risk ?

Many thanks.
Terra Posted June 24, 2006

Not an expert on Windows, just a few thoughts:

1. It's more important to password-protect your admin area than it is to have it under SSL - if you have to choose, choose password-protection. Without it, your shop is a sitting duck.

2. osCom and Windows .... it's not a happy marriage. If you are still at the beginning of setting your shop up, you might want to consider switching to Apache hosting. Choosing the right hosting company can make all the difference and osCom works best on Apache with the SSL on the same server.

PS: I find it hard to believe that your hosting company does not offer any kind of password protection. Okay, so .htaccess doesn't work on Windows, but surely they must have some other way of doing it??? I'd keep hassling them - either that, or moving to Apache.

All the best for your shop!

Terra
Vger Posted June 24, 2006

> Is there a work around for this security risk ?

The immediate thing you can do is to ftp to your site and rename the 'admin' folder to something unique (not admin2 or newadmin), and edit the two references in admin/includes/configure.php to /admin/ to /newname/

The next thing you need to do is to change hosting companies. There's no point in you building up a website only to have it trashed later by some hacker who gets into your admin panel and wreaks havoc.

Vger
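The rename step from the post above, as an added sketch that is not part of the original thread or of osCommerce: it rewrites the admin path segment in a configure.php's define() values and rejects easily guessed folder names. The constant names DIR_WS_ADMIN and DIR_FS_ADMIN, the sample paths and the new folder name are assumptions modelled on a stock admin configure.php.

```python
import re

# Matches PHP define('NAME', 'value'); lines as found in configure.php files.
DEFINE_RE = re.compile(
    r"""^(\s*define\(\s*['"])(\w+)(['"]\s*,\s*['"])([^'"]*)(['"]\s*\)\s*;.*)$"""
)
# Trivially guessable names; the post singles out admin2 and newadmin.
GUESSABLE = {"admin", "admin2", "newadmin", "administrator", "backend"}

def rename_admin_refs(config_text, old="admin", new="newname"):
    """Rewrite /old/ path segments to /new/ inside define() values.

    Returns (new_text, changed), where changed lists the constants touched.
    """
    if not re.fullmatch(r"[A-Za-z0-9_-]+", new):
        raise ValueError("folder name must be a single plain path segment")
    if new.lower() in GUESSABLE:
        raise ValueError("folder name %r is too easy to guess" % new)
    # Only whole path segments match, so 'administrator' or 'admin.php' are left alone.
    segment = re.compile(r"(?<=/)" + re.escape(old) + r"(?=/)")
    out, changed = [], []
    for line in config_text.splitlines():
        m = DEFINE_RE.match(line)
        if m and segment.search(m.group(4)):
            value = segment.sub(new, m.group(4))
            line = m.group(1) + m.group(2) + m.group(3) + value + m.group(5)
            changed.append(m.group(2))
        out.append(line)
    return "\n".join(out) + "\n", changed

# Constructed sample (assumed layout of admin/includes/configure.php; paths are made up).
SAMPLE = """<?php
  define('HTTP_SERVER', 'https://ssl.example.invalid');
  define('DIR_WS_ADMIN', '/shop/admin/');
  define('DIR_FS_ADMIN', 'D:/hosting/shop/admin/');
  define('DIR_WS_CATALOG', '/shop/catalog/');
  define('DIR_WS_IMAGES', 'images/');
?>
"""

if __name__ == "__main__":
    text, changed = rename_admin_refs(SAMPLE, new="k7-backoffice-q2")
    print("rewrote:", ", ".join(changed))
    print(text)
```

Run it against a copy of the file and diff the result before uploading; the folder on the server still has to be renamed to the same name over FTP.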
jcaan Posted June 24, 2006

Hello,

Thank you for your steady response. My hosting company doesn't cater for password protecting SSL. They said they find it strange that my ecommerce can't protect its own admin ! As a suggestion I have to use a Windows CGI script to protect my directory - I have no clue about CGI.

If I remove my admin directory (I have renamed it now) from the SSL folder and keep it protected on my normal site, it will stay protected.

Now another mishap in question - what do I change in the configure.php files in /catalog and /admin so that all transactions are carried out in the SSL, but when I log on to the admin, it points to the protected directory on my normal site ?

Many thanks.
Terra Posted June 25, 2006

> They said they find it strange that my ecommerce can't protect its own admin !

Nothing strange - osCommerce is an Open Source project and as such uses open source tools like PHP, MySQL and Apache .htaccess protection. It's free and everybody can use it. The problem only arises when you take an open source project and try to link it with Microsoft/Windows - it's like trying to get a fish on a bicycle, it just doesn't work very well.

My advice is to use the right tools for the right project - use Microsoft/Windows for ASP sites and their own shopping carts (and be prepared to pay for the privilege) and for free open source projects use Apache. The .htaccess is a great tool on Apache, does password protection perfectly and also allows you to use cool contribs like Chemo's Ultimate SEO URLs for rewriting your URLs to search-engine friendly format.

So - nothing strange, other than Microsoft doesn't like open source tools. I wonder why? I guess Bill Gates just isn't rich enough yet. :lol:

Terra
Archived
This topic is now archived and is closed to further replies.