osCommerce

The e-commerce.

Hosting company cannot password protect my SSL Directory.


jcaan

Posted

Hello all,

 

Please advise. My osCommerce shopping cart is hosted on a Windows server. I have figured out how to disable the frequent message: "Warning: session_write_close(); Your script is possbly running on..... session.php line 226"... by purchasing shared SSL from my hosting company.

 

The message has disappeared. I have moved my entire shop to the SSL folder, including my admin area. Now my admin says that I am protected by SSL - good sign.

 

Now here's the problem. I would like to password protect my admin area so I get a popup to enter username and password. So I copied my .htaccess file from the admin directory from my .co.uk domain to the SSL. It has no effect. My hosting company says they have no way of password protecting my admin area. This is a potential problem.

 

Please help. Is there a work around for this security risk ?

 

Many thanks.

Posted

Not an expert on Windows, just a few thoughts:

 

1. It's more important to password-protect your admin area than it is to have it under SSL - if you have to choose, choose password-protection. Without it, your shop is a sitting duck.

 

2. osCom and Windows .... it's not a happy marriage. If you are still at the beginning of setting your shop up, you might want to consider switching to Apache Hosting. Choosing the right hosting company can make all the difference and osCom works best on Apache with the SSL on the same server.

 

PS: I find it hard to believe that your hosting company does not offer any kind of password protection. Okay, so .htaccess doesn't work on Windows, but surely they must have some other way of doing it??? I'd keep hassling them - either that, or moving to Apache.

 

all the best for your shop! Terra

My code for combining PayPal IPN with ** QTPro 4.25 ** osC Affiliate ** CCGV(trad)

and how to solve the invoice already paid error

General info: Allow customer to delete order comment ** FTP Programs & Text Editors ** Amending order email **

Posted
Is there a work around for this security risk ?

 

The immediate thing you can do is to ftp to your site and rename the 'admin' folder to something unique (not admin2 or newadmin), and edit the two references in admin/includes/configure.php to /admin/ to /newname/

 

The next thing you need to do is to change hosting companies. There's no point in you building up a website only to have it trashed later by some hacker who gets into your admin panel and wreaks havoc.

 

Vger
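
A consistency check for the rename described in the post above, as an added example that is not part of the original thread or of osCommerce. It assumes the "two references" are the `DIR_WS_ADMIN` and `DIR_FS_ADMIN` defines found in a stock osCommerce 2.2 `admin/includes/configure.php`; the sample paths, the folder name `k7-backoffice` and the list of guessable names are constructed for illustration.

```python
import re

# define('NAME', 'value'); as written in osCommerce configure.php files
DEFINE_RE = re.compile(r"define\(\s*'([A-Z_]+)'\s*,\s*'([^']*)'\s*\)")
# Default name plus the variants the post warns against (illustrative list, an assumption)
GUESSABLE = re.compile(r"^(new|my|the)?admin(istrator)?\d*$", re.IGNORECASE)

# Constructed sample: the folder name was changed in only one of the two defines
SAMPLE_HALF_RENAMED = """<?php
  define('HTTP_SERVER', 'https://shop.example');
  define('DIR_WS_ADMIN', '/catalog/k7-backoffice/');
  define('DIR_FS_ADMIN', 'D:/inetpub/shop.example/catalog/admin/');
?>"""

def parse_defines(php_source):
    """Return {constant: value} for every active define() line."""
    defines = {}
    for line in php_source.splitlines():
        if line.lstrip().startswith(("//", "#")):   # skip commented-out defines
            continue
        match = DEFINE_RE.search(line)
        if match:
            defines[match.group(1)] = match.group(2)
    return defines

def last_segment(path):
    """Final folder name of a URL path or a Windows/Unix filesystem path."""
    parts = [p for p in re.split(r"[\\/]", path) if p]
    return parts[-1] if parts else ""

def audit_admin_rename(php_source):
    """Return a list of problems; an empty list means the rename is consistent."""
    defines = parse_defines(php_source)
    missing = [k for k in ("DIR_WS_ADMIN", "DIR_FS_ADMIN") if k not in defines]
    if missing:
        return [f"{k} is not defined" for k in missing]
    ws = last_segment(defines["DIR_WS_ADMIN"])
    fs = last_segment(defines["DIR_FS_ADMIN"])
    problems = []
    if ws != fs:
        problems.append(f"mismatch: DIR_WS_ADMIN ends in '{ws}', DIR_FS_ADMIN in '{fs}'")
    for name in sorted({ws, fs}):
        if GUESSABLE.match(name):
            problems.append(f"'{name}' is a guessable admin folder name")
    return problems

if __name__ == "__main__":
    for problem in audit_admin_rename(SAMPLE_HALF_RENAMED):
        print(problem)
```

Run it against a local copy of `configure.php` before uploading; the folder on the server must be renamed to the same value the two defines end in.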

Posted

Hello,

 

Thank you for your steady response. My hosting company doesn't cater for password protecting SSL. They said they find it strange that my ecommerce can't protect its own admin!

 

As a suggestion I have to use a Windows CGI script to protect my directory - I have no clue about CGI.

 

If I remove my admin directory (I have renamed it now) from the SSL folder and keep it protected on my normal site, it will stay protected. Now another mishap in question - what do I change in the configure.php files in /catalog and /admin so that all transactions are carried out in the SSL, but when I log on to the admin, it points to the protected directory on my normal site?

 

Many thanks.

Posted
They said they find it strange that my ecommerce cant protect its own admin !

Nothing strange - osCommerce is an Open Source project and as such uses open source tools like PHP, MySQL and Apache .htaccess protection. It's free and everybody can use it.

 

The problem only arises when you take an open source project and try to link it with Microsoft/Windows - it's like trying to get a fish on a bicycle, it just doesn't work very well.

 

My advice is to use the right tools for the right project - use Microsoft/Windows for ASP sites and their own shopping carts (and be prepared to pay for the privilege) and for free open source projects use Apache. The .htaccess is a great tool on Apache, does password protection perfectly and also allows you to use cool contribs like Chemo's Ultimate SEO URLs for rewriting your URLs to search-engine friendly format.

 

So - nothing strange, other than Microsoft doesn't like open source tools. I wonder why? I guess Bill Gates just isn't rich enough yet. :lol:

 

Terra

Archived

This topic is now archived and is closed to further replies.
