
osCommerce

The e-commerce.

location of the admin folder


charles


To all of you with a lot more working experience.

 

From a security standpoint, what is the best location for the admin folder, at peer level with the catalog folder

webroot
--- 'catalog'
--- 'admin'

or within the catalog folder

webroot
--- catalog files
--- 'admin'

which, except for a webroot index/default file to redirect to 'catalog', would basically be the same as

webroot
--- 'catalog'
------ 'admin'

or does it matter?

We stand in ignorance only for questions not asked. Plug up the leaks in your knowledge base and open up a flood of understanding.
Link to comment

Not sure whether there are security benefits, but I prefer it at root level.

Just because of the clearness, I don't like private dirs that are nested in public dirs.

 

Since all restrictions you can use are on directory level (htaccess, apache config) it doesn't really matter I think.

 

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment

1. Put your admin folder into your catalog. You have to link from your admin panel into your catalog and that's the simplest way -> ../

2. Use .htaccess (safest and best you can do)

Link to comment

Well, mine was trying to answer your actual question :)

It does not matter from a security perspective, or at least I was unable to find any comments saying it would (just searched on it).

It's just what you prefer.

I prefer to have /admin and /catalog instead of /catalog/admin.

 

HTH

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment

PS:

Having it like my preference does not affect the cart in any way, nor any link from the admin AFAIK.

 

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment

Thanks. Since I just lost my hard drive :roll: along with weeks of work, :cry: not only OSC but also :x ..., (and no, I didn't have a backup! :oops: ) I thought I'd try and do it "right" this time, :wink: having learned from a lot of mistakes :idea: (yes, I now have an external, removable 80 gig USB backup drive :lol: ).

 

It makes sense not to have admin in the catalog just in case someone hacks the security.

We stand in ignorance only for questions not asked. Plug up the leaks in your knowledge base and open up a flood of understanding.
Link to comment

I'll put in my 2 cents and say that I have to agree with Mattice. Making your admin at root level completely separate from the catalog also allows you to name it "mystupidpettricks" or whatever you want and not have it be plainly evident that it is associated with the catalog in any way.

... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!

Link to comment

Archived

This topic is now archived and is closed to further replies.
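
The directory-level restriction discussed in the thread, written out for both layouts as an added example (not from any of the posts above). It assumes Apache 2.4 syntax; the filesystem paths and the password file name are hypothetical.

```apache
# Public storefront (path is a hypothetical example)
<Directory "/var/www/html/catalog">
    Require all granted
</Directory>

# Layout 1: admin at peer level with catalog.
# Nothing is inherited from the catalog section; this block stands alone.
<Directory "/var/www/html/admin">
    AuthType Basic
    AuthName "Store administration"
    # Keep the password file outside the webroot so it can never be served.
    AuthUserFile "/etc/apache2/store-admin.htpasswd"
    Require valid-user
</Directory>

# Layout 2: admin nested inside catalog.
# With the default "AuthMerging Off", the Require in this more specific
# section replaces the parent's "Require all granted" instead of being
# combined with it, so the nested folder is protected the same way.
<Directory "/var/www/html/catalog/admin">
    AuthType Basic
    AuthName "Store administration"
    AuthUserFile "/etc/apache2/store-admin.htpasswd"
    Require valid-user
</Directory>

# To place the same four Auth*/Require lines in an .htaccess file inside
# the admin folder, the server config must permit it for that directory:
#   AllowOverride AuthConfig
# With "AllowOverride None" the .htaccess file is silently ignored and
# the folder stays as open as its parent.
```

Basic authentication sends credentials with every request, so either layout should only be reachable over HTTPS.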
