DANYEYI
Posted December 11, 2009

Hi there,

I am adding a .htaccess file to my admin directory to add extra protection. I have created a .htaccess file with the following code and placed it in my admin directory:

    AuthUserFile /users/george/public_html/admin/.htpasswd
    AuthName "Title for Protected Site"
    AuthType Basic
    Require valid-user

I have also created a .htpasswd file and also put it in the admin directory and all is working well. I would just like to know where is the best place to put the .htpasswd file? In /public_html/ or in my /admin/ directory? /public_html/ is the last folder I can upload to, btw.

Also, if anybody knows how to solve the double logging in problem I would be grateful.

Thanks in advance,
dan

a.forever
Posted December 15, 2009

> Hi there,
>
> I am adding a .htaccess file to my admin directory to add extra protection. I have created a .htaccess file with the following code and placed it in my admin directory:
>
>     AuthUserFile /users/george/public_html/admin/.htpasswd
>     AuthName "Title for Protected Site"
>     AuthType Basic
>     Require valid-user
>
> I have also created a .htpasswd file and also put it in the admin directory and all is working well. I would just like to know where is the best place to put the .htpasswd file? In /public_html/ or in my /admin/ directory? /public_html/ is the last folder I can upload to, btw.
>
> Also, if anybody knows how to solve the double logging in problem I would be grateful.
>
> Thanks in advance,
> dan

Probably /admin/ for convenience. Probably somewhere else for safer keeping.

As for the double login: http://github.com/osCommerce/oscommerce2/commit/569917f654edab2b07bf61ab8caf2764ba1457c4

Also noted in this thread: http://www.oscommerce.com/forums/topic/340995-security-issue-with-admin-directory/

And change the name of your admin directory as well while you're at it.

mdtaylorlrim
Posted December 15, 2009

It is never a good idea to put it in the web space (IMHO). If at all possible put it in a directory one level up from your web root and call it something obscure. For example, if your directory is...

    /var/web/username/public_html/catalog/admin/

then put the file in...

    /var/web/username/secure/.mysecuritycodes

And of course, do not use admin as your admin directory. Rename it to something else, but follow the instructions to alter the config files at the same time.
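
The placement advice in the post above can be checked mechanically. This is an added example, not part of the original thread or of osCommerce: it reads the `AuthUserFile` directive from a `.htaccess` file and reports whether the password file resolves inside the web root. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import shlex
import tempfile


def auth_user_file(htaccess_text):
    """Return the AuthUserFile argument from .htaccess text, or None."""
    for line in htaccess_text.splitlines():
        try:
            parts = shlex.split(line)  # honours "quoted paths"
        except ValueError:  # unbalanced quote: not a line we can judge
            continue
        # Directive names are case-insensitive; a commented-out line
        # starts with '#', so its first token never matches.
        if len(parts) >= 2 and parts[0].lower() == "authuserfile":
            return parts[1]
    return None


def inside(path, root):
    """True if path resolves (symlinks followed) to somewhere under root."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root


def audit(htaccess_path, docroot):
    with open(htaccess_path) as fh:
        target = auth_user_file(fh.read())
    if target is None:
        return "no AuthUserFile directive"
    if not os.path.isabs(target):
        return "relative path (Apache resolves it against ServerRoot)"
    return "inside web root" if inside(target, docroot) else "outside web root"


def demo():
    """Constructed directory layout; the names are sample values."""
    results = {}
    with tempfile.TemporaryDirectory() as home:
        docroot = os.path.join(home, "public_html")
        admin = os.path.join(docroot, "catalog", "admin")
        os.makedirs(admin)
        candidates = {
            "in_admin": os.path.join(admin, ".htpasswd"),
            "above_root": os.path.join(home, "secure", ".mysecuritycodes"),
        }
        for label, pwfile in candidates.items():
            htaccess = os.path.join(admin, ".htaccess")
            with open(htaccess, "w") as fh:
                fh.write('AuthUserFile "%s"\nAuthType Basic\n' % pwfile)
            results[label] = audit(htaccess, docroot)
    return results


if __name__ == "__main__":
    print(demo())
```

On a real account, call `audit()` with the path to the admin directory's `.htaccess` and the path to `public_html`.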

spooks
Posted December 15, 2009

htaccess password creation.

Your best bet is to log into your hosting cpanel, select 'password protect directory', select your re-named admin dir & complete the process. That will create the correct files & place the files in correct places (.htpasswd outside the public dir).

Remember the .htpasswd contents have to be encrypted.

Sam

DANYEYI (Author)
Posted December 16, 2009

Thanks all for the comments! I don't have cpanel on my hosting account, so it has been placed in the renamed admin directory.

Thanks again!
dan

FWR Media
Posted December 17, 2009

> Thanks all for the comments! I don't have cpanel on my hosting account, so it has been placed in the renamed admin directory.
>
> Thanks again!
> dan

I'm not entirely sure of whether this will work as I've never tried it; what I am certain of is that sensitive files MUST NOT be in the public space.

If you don't have access below public_html and you have no panel to work with then the only solution I can think of is to put it out of the public space like ..

    /public_html/saferstuff/htpassword/

(low file permissions for the passwd, try 400 or 444)

I still think you'd be better off with proper hosting with a panel service of some kind.

DANYEYI (Author)
Posted December 17, 2009

> I'm not entirely sure of whether this will work as I've never tried it; what I am certain of is that sensitive files MUST NOT be in the public space.
>
> If you don't have access below public_html and you have no panel to work with then the only solution I can think of is to put it out of the public space like ..
>
>     /public_html/saferstuff/htpassword/
>
> (low file permissions for the passwd, try 400 or 444)
>
> I still think you'd be better off with proper hosting with a panel service of some kind.

Right, so if I put both the .htaccess file and .passwds file in my public_html/renamedadmin/ directory it would not be secure?

dan

Archived
This topic is now archived and is closed to further replies.