shoppingcart101 Posted April 18, 2007 Posted April 18, 2007 Hello Everyone...I recently installed an os commerce store and modified it but Anyone can get into the Admin section without using a user name and password. Scary!! But I have it on a test sever its not live yet. How do I enable the backend to Need a "User Name" & "Password" to log into it. Thanks for reading and for any help. BD
Guest Posted April 18, 2007 Posted April 18, 2007 Hello Everyone...I recently installed an os commerce store and modified it but Anyone can get into the Admin section without using a user name and password. Scary!! But I have it on a test sever its not live yet. How do I enable the backend to Need a "User Name" & "Password" to log into it. Thanks for reading and for any help. BD You can password protect from the control panel.
shoppingcart101 Posted April 18, 2007 Author Posted April 18, 2007 You can password protect from the control panel. Thanks for your help...but I fail to see where that option is within the Admin Control Panel. I looked through the "tools" and the "Configuration" sections. They seemed to be the obvious areas. Would you be able to direct me to which area? Thanks!! BD
oschellas Posted April 18, 2007 Posted April 18, 2007 If you have a control panel to manage your domain (not the admin panel from the shop), you probably can protect your admin folder with a password. You can also do this manually by adding an htacces / htpassword file to your admin folder. There are some contributions which enable protection for your admin, there is no protection with the standard version. When you choose htacces to protect your admin (weather or not through your hosting panel), be sure the ssl server allows this file to override the server settings. Otherwise your admin is only protected under the http protocol, but under the https protocol it is wide open (as I have seen with many sites). I would suggest to protect your admin with htaccess if you are an advanced user, otherwise it is better to search for a protection contribution which queries your database for the username and the password.
shoppingcart101 Posted April 18, 2007 Author Posted April 18, 2007 If you have a control panel to manage your domain (not the admin panel from the shop), you probably can protect your admin folder with a password. You can also do this manually by adding an htacces / htpassword file to your admin folder. There are some contributions which enable protection for your admin, there is no protection with the standard version. When you choose htacces to protect your admin (weather or not through your hosting panel), be sure the ssl server allows this file to override the server settings. Otherwise your admin is only protected under the http protocol, but under the https protocol it is wide open (as I have seen with many sites). I would suggest to protect your admin with htaccess if you are an advanced user, otherwise it is better to search for a protection contribution which queries your database for the username and the password. Thanks!! I went ahead and password protected the Admin folder from within the Domain Control Panel. Thanks for your Expert Guidance...I appreciate it! BD
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.