Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How else to secure Admin?


Lavarock

Recommended Posts

I got a hosting account through "MyDomain.Com". All in all, it works great, they offer an OsCOmmerce and install that preconfigures the catalog and MySQL paswords, etc.

 

After getting my store copied over and going into their control panel I found that although there are icons for passwor-protected directories, they don't support .htaccess or any other way to password-protect files or directories.

 

I also appear not to have any telnet access to the server.

 

I do not feel comfortable renaming ADMIN to a random leter-digit named directory, but that may be what I have to do. Is this secure enough considering I will have my account information for my payment gateway???

 

My next idea was to load my ADMIN directory on some other server and fully qualify the SQL database reference to my current store database. That way the URL for my store (http://mystore.com) would have an admin access at maybe (http://someotherserver.com/admin-qwerty). Unfortunately, MyDomain says that they only allow access to MySQL from their localhost.

 

My question to everyone here is:

 

What else can I do to protect the Admin if I can't password protect the directory and can not relocate the directory far far away?

 

If I can't fand a good solution, I'll change hosting sites.

Link to comment
Share on other sites

Just as a side note, you cannot protect directories with that contribution, only the Admin function. So if installing something such as the Batch Order Center contribution which creates a pdf file sometimes containing CC#'s, someone could access that file after its generated.

Kenneth S

--------------

Customer "Are you a real programmer?"

Me "No, but I did stay at a Holiday Inn Express last night"

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...