Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Administration security


cy

Recommended Posts

Hi all. I am new to here, and i just successfully setup oscommerce, however 1 thing i notice is that anyone can access my admin page by typing http://mysite/admin/index.php, no need log in or anything, is that normal? or i m missing something here? I don't see any administor account or anything so that i can gain the protection. This is really important because people will be handing their credit card information to a website that doesn't have security for admin panels.

Thanks for any help in advance!

Link to comment
Share on other sites

Use .htaccess & .htpasswd files. Your ISP usually provides the ability for you to protect folders with a user id and password, and will do so by constructing and placing these files in the folder in question.

Regards, Wizzud

"It is better to remain silent and be thought a fool, than to open your mouth and remove all doubt."

Link to comment
Share on other sites

You may be better off adding to the directory definition in httpd.conf if you run your own server (and leaving .htaccess turned off for performance reasons). Here is one thread about .htaccess and .htpasswd. Here is a thread with instructions for doing this in httpd.conf.

 

Good luck,

Matt

Link to comment
Share on other sites

i'm assuming you're using UNIX or LINUX...you have to change your HTTPD.CONF file for apache...add this:

 

<Directory /path/to/html/directory/>

AllowOverride All

</Directory>

 

into /etc/apache/httpd.conf in the vhost section for that domain

and restart apache.

 

then you go to the ADMIN folder that you want to protect with a password and create a file named .HTACCESS...a text file with just this:

 

 

AuthName "Mailinglist Administration"

AuthType Basic

AuthUserFile /path/to/password/file

 

require valid-user

 

 

note that the path to the password file is going to be something like:

/home/domain/public/catalog/admin/.htpasswd

the .HTPASSWD file gets created when you do this next step....login to the machine and CD to the ADMIN directory and type this:

 

htpasswd -c .htpasswd username

 

you will be prompted for the password and then you should be all set.

 

hope this helps :wink:

FlashMOG - make multiplayer games in Flash/PHP!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...