Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security Lapse Horror?


PrettyPink

Recommended Posts

Hi!

 

We are running a oscommerce based website that offers downloadable software components. Recently, one of our prospects inadvetantly revealed that he has already downloaded some .php files (actually, files for a custom payment gateway) that he could lay hands on! (files that were actually a part of our own site's payment processing system .. in /includes/modules/payment/ .. not the ones in /download/ folder).

 

This was quite a bolt from the blue for us. If I could, I could give a link to the site here itself .. but I would not, because that is against the forum rules! Could you pls. point out what all could have been wrong in using oscommerce for offering such solutions and our demos?

 

From our side, we have given appropriate permissions (444) all the way and have also secured our admin folder with .htaccess based password protection.

 

Any help would be most appreciated.

 

Rgds

PP

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...