BPW Posted August 9, 2006 Share Posted August 9, 2006 I have installed osCommerce onto my webiste via FTP and recently realized a big security flaw with the system. I am able to go to "mydomain.com/shop/admin" and view/use the administration panel without logging in from any computer, anywhere, anytime. I would like to have some sort of security or login on the administration panel so random visitors can't just change my store around. Is there a way to do this? Is this a common issue with osCommerce? Thanks, Brian Link to comment Share on other sites More sharing options...
MoisesZaragoza Posted August 9, 2006 Share Posted August 9, 2006 Yes OSC does not make your directory secure you have to do that on your own do you know if your server provides a secure folder?> if not i will try to help you out at the end of the day the code will be good Link to comment Share on other sites More sharing options...
BPW Posted August 10, 2006 Author Share Posted August 10, 2006 By secure folder do you mean one protected with an SSL certificate or a folder with 644 permissions? Thanks :) Link to comment Share on other sites More sharing options...
jhsands Posted August 10, 2006 Share Posted August 10, 2006 By secure folder do you mean one protected with an SSL certificate or a folder with 644 permissions? Thanks :) Try this: http://www.oscommerce.com/forums/index.php?sho...mp;#entry910071 BACKUP your current files before editing. Did I mention to BACKUP your current files, first? "I'm not a hero, I'm a firefighter; it is my job to save lives. I'm a Jesus Christ Firefighter saving souls from the flames!" Installed contribs: Almost XP Buttons *** Attribute Sort *** Auto Thumbnail Change *** Column Product Listing (for SPPC v4.0) *** Contact Us Registered *** Country-State Selector 1.3.3J *** CC# Db Mask 1.3 *** Email Order Clickable Link *** Extra Images *** Linkpoint API CVM *** Loginbox Best *** New Spiders *** New Attrib Mgr v.5.0 w/ New Attrib Include *** Multi Product Update *** MySQL Cron *** Pricing per Category *** Product Listing in Columns v2.2 [later upgraded to CPL(SPPC)] *** Product Sort v1.6 *** Seperate Pricing Per Customer v4.15 *** Simple Down for Maintenance [Gokou] *** Ultimate_SEO_URLs_v2.2.2 *** UPS Worldship Export 1.3 *** Welcome Email username & password Link to comment Share on other sites More sharing options...
MoisesZaragoza Posted August 10, 2006 Share Posted August 10, 2006 By secure folder do you mean one protected with an SSL certificate or a folder with 644 permissions? Thanks :) No, I mean that the server ask for a username and password at the end of the day the code will be good Link to comment Share on other sites More sharing options...
jhsands Posted August 10, 2006 Share Posted August 10, 2006 No, I mean that the server ask for a username and password That is what the .htaccess and .htpasswd do... if you use CPanel simply go to "password protect directories" and it will create the .htaccess and .htpasswd for you... else search online for instructions. BACKUP your current files before editing. Did I mention to BACKUP your current files, first? "I'm not a hero, I'm a firefighter; it is my job to save lives. I'm a Jesus Christ Firefighter saving souls from the flames!" Installed contribs: Almost XP Buttons *** Attribute Sort *** Auto Thumbnail Change *** Column Product Listing (for SPPC v4.0) *** Contact Us Registered *** Country-State Selector 1.3.3J *** CC# Db Mask 1.3 *** Email Order Clickable Link *** Extra Images *** Linkpoint API CVM *** Loginbox Best *** New Spiders *** New Attrib Mgr v.5.0 w/ New Attrib Include *** Multi Product Update *** MySQL Cron *** Pricing per Category *** Product Listing in Columns v2.2 [later upgraded to CPL(SPPC)] *** Product Sort v1.6 *** Seperate Pricing Per Customer v4.15 *** Simple Down for Maintenance [Gokou] *** Ultimate_SEO_URLs_v2.2.2 *** UPS Worldship Export 1.3 *** Welcome Email username & password Link to comment Share on other sites More sharing options...
BPW Posted August 11, 2006 Author Share Posted August 11, 2006 I've looked online but have been unable to find anything regarding this and how to fix it. Does anybody have any suggestions or has anyone else here encountered this problem and came up with a solution? Thanks, Brian Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.