HTTP Authentication

[CincyTom]

After an apparently successful installation of V2.3.4 I get a warning that HTTP has not been authenticated for administration tool. There's nothing in the documentation that discusses this. How do I resolve this? Everything else in the security check and database permissions pass.

[muchad]

How do I secure oscommerce from hackers?

[muchad]

Is there a list of basic security measures I should carry out to protect my store? Thanks.

[Jack_mcs]

@@CincyTom You are probably referring to the additional security option. If not enabled, there is an on-page login. If you enable it, there is also a popup login. You just have to check the "Protect With htaccess/htpasswd" box when you edit the login. But I don't recommend using that procedure since the logins are the same and most sites don't force, or have, an ssl connection. See this thread for how to properly protect the admin. It is more secure to have the two logins but the logins need to be different. So you should create the popup login yourself. Most control panels have this option but there is an easy way to do It here, if not.

[MrPhil]

@@muchad, please do not hijack an existing discussion for a different subject. You should start your own thread.

[CincyTom]

Thank you, Jack_mcs. I did click on the additional admin security and thought that a bit redundant. What I'm referring to is the list of security checks generated from the Admin Tools. The first check, "Admin HTTP Authentication" reports: "HTTP Authentication has not been set up for the osCommerce Administration Tool - please set this up in your web server configuration to further protect the Administration Tool from unauthorized access." I don't recall anything in the installation process for doing this. I'll follow your links and see if these help. Thanks.