osCommerce

The e-commerce.

Oscommerce package security


tpad

Posted

Hello,

Developers and Newbies, Juniors and Seniors, I would like to know what the security problems are with the oscommerce package.

I mean, I have read some threads on "got hacked" problems and it seems it is rather unprotection of folders (non-CHMOD'd properly folders) and shared hosting hacks.

 

I would really appreciate knowing if there is anything to be aware of other than just file permissions and .htaccess files.

 

Thank you very much in advance.

 

~tpad

Posted

osCommerce was originally written based on register globals on, which in a sloppily coded environment spells disaster.

 

The quality of coding of osCommerce was such that this software has suffered very few "known hacks" even in the globals-on environment.

 

The current downloadable version is register globals OFF. I really don't think you should be worried about script security.

 

Once you start adding contributions that are not "policed" by the core code .. then you may start to have issues.

 

If you are on a shared server then worry generically, if it is an insecure shared server then just buy the hackers a cup of coffee as they pass through.

 

There are security contributions like Security Pro and one for reporting of file changes and quite a few others that are recommended (there are posts here on this forum detailing them; I think Spooks wrote one).
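The two checks raised so far in this thread, loosely permissioned folders and reporting of file changes, can be sketched as below. This is an added example, not part of the posts and not code from osCommerce or from any contribution named above; the file names and the store tree it builds are constructed for the demonstration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):          # do not follow links out of the tree
                continue
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff_snapshots(old, new):
    """Return sorted lists of (added, removed, modified) relative paths."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return added, removed, modified

def world_writable(root):
    """Return relative paths of files and directories any local user can write (o+w)."""
    hits = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path) and os.lstat(path).st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo():
    """Audit a constructed store tree, then detect a simulated unexpected change."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        for rel, body in {"index.php": b"<?php // shop ?>", "images/logo.gif": b"GIF89a"}.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
            os.chmod(os.path.join(root, rel), 0o644)
        os.chmod(os.path.join(root, "images"), 0o777)   # the weak setting to be flagged
        baseline, writable = snapshot(root), world_writable(root)
        with open(os.path.join(root, "index.php"), "ab") as fh:
            fh.write(b"<?php // appended ?>")            # existing file modified
        with open(os.path.join(root, "images", "new.php"), "wb") as fh:
            fh.write(b"<?php ?>")                        # new file in writable folder
        return diff_snapshots(baseline, snapshot(root)), writable

if __name__ == "__main__":
    print(demo())
```

On a real store the baseline would be stored outside the web root and compared on a schedule, so that a change to the files cannot also rewrite the baseline.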

Posted

Thanks, Robert, for sharing your opinion with me. However, I started worrying when I first saw movies on YouTube teaching script kiddies how to hack it.

 

I've seen many googling hacks written specifically for osCommerce. Many seem to find their way through the admin panel with a few Google searches.

 

I've already tried basic SQL Injection and it doesn't seem to work.

 

Thanks!

 

~tpad

Archived

This topic is now archived and is closed to further replies.
