
Insecure administration panel


BPW


I have installed osCommerce onto my website via FTP and recently realized a big security flaw with the system. I am able to go to "mydomain.com/shop/admin" and view/use the administration panel without logging in from any computer, anywhere, anytime. I would like to have some sort of security or login on the administration panel so random visitors can't just change my store around. Is there a way to do this? Is this a common issue with osCommerce?

 

Thanks,

Brian


Yes, OSC does not make your directory secure; you have to do that on your own.

Do you know if your server provides a secure folder?

If not, I will try to help you out.

at the end of the day the code will be good


By secure folder do you mean one protected with an SSL certificate or a folder with 644 permissions?

 

Thanks :)

 

Try this:

http://www.oscommerce.com/forums/index.php?sho...mp;#entry910071

BACKUP your current files before editing. Did I mention to BACKUP your current files, first?

 

"I'm not a hero, I'm a firefighter; it is my job to save lives. I'm a Jesus Christ Firefighter saving souls from the flames!"

 

Installed contribs: Almost XP Buttons *** Attribute Sort *** Auto Thumbnail Change *** Column Product Listing (for SPPC v4.0) *** Contact Us Registered *** Country-State Selector 1.3.3J *** CC# Db Mask 1.3 *** Email Order Clickable Link *** Extra Images *** Linkpoint API CVM *** Loginbox Best *** New Spiders *** New Attrib Mgr v.5.0 w/ New Attrib Include *** Multi Product Update *** MySQL Cron *** Pricing per Category *** Product Listing in Columns v2.2 [later upgraded to CPL(SPPC)] *** Product Sort v1.6 *** Seperate Pricing Per Customer v4.15 *** Simple Down for Maintenance [Gokou] *** Ultimate_SEO_URLs_v2.2.2 *** UPS Worldship Export 1.3 *** Welcome Email username & password


By secure folder do you mean one protected with an SSL certificate or a folder with 644 permissions?

 

Thanks :)

 

No, I mean that the server asks for a username and password.


No, I mean that the server ask for a username and password

 

That is what the .htaccess and .htpasswd do...

If you use cPanel, simply go to "password protect directories" and it will create the .htaccess and .htpasswd for you... else search online for instructions.


I've looked online but have been unable to find anything regarding this and how to fix it. Does anybody have any suggestions or has anyone else here encountered this problem and come up with a solution?

 

Thanks,

Brian


Archived

This topic is now archived and is closed to further replies.
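
The .htaccess and .htpasswd protection described in the replies above, written out by hand as an added example (not code from the thread or from osCommerce). The paths, user name and function names are assumptions, and the .htaccess only takes effect if the server's AllowOverride setting permits authentication directives.

```shell
#!/bin/sh
# Added example; paths, user name and function names are assumptions.

# Write an .htaccess that makes Apache require a login for the whole
# admin directory. $1 = admin directory, $2 = password file (absolute path).
write_admin_htaccess() {
    admin_dir=$1
    passwd_file=$2
    [ -d "$admin_dir" ] || { echo "no such directory: $admin_dir" >&2; return 1; }
    case $passwd_file in
        "$admin_dir"/*)  # hashes must not sit in the directory being served
            echo "keep the password file outside $admin_dir" >&2; return 1 ;;
        /*) ;;
        *)  echo "password file path must be absolute" >&2; return 1 ;;
    esac
    # Keep a copy of any existing .htaccess before overwriting it.
    [ -f "$admin_dir/.htaccess" ] && cp -p "$admin_dir/.htaccess" "$admin_dir/.htaccess.bak"
    cat > "$admin_dir/.htaccess" <<EOF
AuthType Basic
AuthName "Store administration"
AuthUserFile $passwd_file
Require valid-user
EOF
}

# Create or update a user with Apache's htpasswd tool, which prompts for
# the password. -c creates the file, -B hashes with bcrypt.
add_admin_user() {
    if [ -f "$1" ]; then
        htpasswd -B "$1" "$2"
    else
        htpasswd -c -B "$1" "$2"
    fi
}

# Succeeds only if a request without credentials is refused with 401.
admin_requires_login() {
    code=$(curl -s -o /dev/null -w '%{http_code}' "$1")
    [ "$code" = "401" ]
}

# Usage (assumed paths; Basic auth resends the password on every
# request, so serve the admin panel over HTTPS):
#   write_admin_htaccess /home/user/public_html/shop/admin /home/user/.htpasswd
#   add_admin_user /home/user/.htpasswd storeadmin
#   admin_requires_login https://mydomain.com/shop/admin/ || echo "admin still open"
```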
