Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

A couple of security questions.


blizeH

Recommended Posts

Hi, first of all I have a problem with the /admin directory. I would like to maybe add a password, or at least find a way of making it secure, what would you recommend as being the best way?

 

Also, on the admin control panel it says SSL is not enabled - will this be an issue if I'm only using PayPal? Or will I need it anyway? If so, how do I go about setting it up?

 

Thanks,

Nick Drew

Link to comment
Share on other sites

Suggest using your host cPanel or .htacess file to password protect your directory.

 

And/or:

 

Use Administration w/Access Level & Accounts 2.3

 

 

SSL is not needed in ADMIN for Paypal (As far as I can see).

 

However SSL is HIGHLY suggested. You will need a SSL certificate and install that (or your hosting provider may provide a shaired one for you to use).

 

Change the admin/includes/configure.php with the proper URLs and set SSL to true. (Suggest changing BOTH URL to your secure SSL URL).

 

There is MANY post here and else where that details how to install and use your SSL.

Link to comment
Share on other sites

The reasons to use SSL in admin:

 

1. Customers prefer that there data (phone number, address, etc.) be kept private.

 

2. If you are not using SSL, then your admin access password is sent in clear text and can be hijacked by anyone with access to your network traffic.

 

3. (This doesn't apply to you with PayPal.) Payment details like credit card are on the site.

 

Note that the first two are true of *all* osCommerce sites. The third is an issue for some, but the real problems are the first two, especially #2.

 

Hth,

Matt

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...