Security patches for 2.3?

[♥mdtaylorlrim]

Besides changing the name of the admin directory and password protecting it, what security patches need be installed for ver. 2.3?

[Mark Evans]

In theory none

 

Password protecting and renaming the admin folder are built into 2.3 and it has also been extensively scanned to find any other security vulnerabilities.

 

Of course if you want peace of mind you could install some of the other contributions but this is something you should risk asses a decide whats right for you.

[sucuri]

If you are on a shared host, check and double check your permissions. If you leave them to open, anyone sharing the same environment could

easily insert backdoors and new files in there...

 

thanks,

[manolohpm]

Hi.

 

I've just installed v2.3. and imported a DB from version 2.2. Everything is working fine.

 

Now I have do these changes:

 

- change admin folder name

- update this info in configure.php (both at ../admin/includes and ../includes)

- set permissions 444 for both configure.php files

 

Now when I try to enter to the admin site, I can't. So:

 

- I've deleted the content in "administrator" table via phpmyadmin

- I reenter admin site.

- Admin site reports there's no admin info, so I introduce new admin and password

 

But these values doesn't work either.

 

I must be forgetting something important. Do you have any idea?

 

Thanks. Manolo.

 

 

Note: I've posted this at:

* osCommerce Community Support Forums

* > osCommerce Online Merchant v2.x

* > Installation and Configuration

too, but I can't find the edit button to delete the text there.

Sorry for duplicating.