cy Posted July 16, 2003 Share Posted July 16, 2003 Hi all. I am new to here, and i just successfully setup oscommerce, however 1 thing i notice is that anyone can access my admin page by typing http://mysite/admin/index.php, no need log in or anything, is that normal? or i m missing something here? I don't see any administor account or anything so that i can gain the protection. This is really important because people will be handing their credit card information to a website that doesn't have security for admin panels. Thanks for any help in advance! Link to comment Share on other sites More sharing options...
Wizzud Posted July 16, 2003 Share Posted July 16, 2003 Use .htaccess & .htpasswd files. Your ISP usually provides the ability for you to protect folders with a user id and password, and will do so by constructing and placing these files in the folder in question. Regards, Wizzud "It is better to remain silent and be thought a fool, than to open your mouth and remove all doubt." Link to comment Share on other sites More sharing options...
cy Posted July 16, 2003 Author Share Posted July 16, 2003 can you give me more detail how to configure those files? I hosted oscommerce on my apache server. Thanks for any help Link to comment Share on other sites More sharing options...
Guest Posted July 16, 2003 Share Posted July 16, 2003 You may be better off adding to the directory definition in httpd.conf if you run your own server (and leaving .htaccess turned off for performance reasons). Here is one thread about .htaccess and .htpasswd. Here is a thread with instructions for doing this in httpd.conf. Good luck, Matt Link to comment Share on other sites More sharing options...
sneakyimp Posted July 17, 2003 Share Posted July 17, 2003 i'm assuming you're using UNIX or LINUX...you have to change your HTTPD.CONF file for apache...add this: <Directory /path/to/html/directory/> AllowOverride All </Directory> into /etc/apache/httpd.conf in the vhost section for that domain and restart apache. then you go to the ADMIN folder that you want to protect with a password and create a file named .HTACCESS...a text file with just this: AuthName "Mailinglist Administration" AuthType Basic AuthUserFile /path/to/password/file require valid-user note that the path to the password file is going to be something like: /home/domain/public/catalog/admin/.htpasswd the .HTPASSWD file gets created when you do this next step....login to the machine and CD to the ADMIN directory and type this: htpasswd -c .htpasswd username you will be prompted for the password and then you should be all set. hope this helps :wink: FlashMOG - make multiplayer games in Flash/PHP! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.