
osCommerce

The e-commerce.

How do I make admin secure?


dubville


First, to enable SSL you have to have a certificate or access to a shared one on your host. Next you have to ENABLE_SSL in the admin/includes/configure.php file. As for password protection you can do that through .htaccess. Search the forums for further details as this question is asked almost daily.

Link to comment

What do you do to make it secure in the config file? I see it says enable ssl catalog but nothing for the admin... it just has a path... do you just change the path?

Link to comment

Sorry, been looking at this computer too long today. Yes, just change the path for HTTP_SERVER to the https url. However, there is no reason to use SSL on the admin area. As long as it is password protected you are fine. There is nothing there that needs to be encrypted.

Link to comment

> Sorry, been looking at this computer too long today. Yes, just change the path for HTTP_SERVER to the https url. However, there is no reason to use SSL on the admin area. As long as it is password protected you are fine. There is nothing there that needs to be encrypted.

You mean besides the password? If you do not use SSL, then the admin password is passed plain text. Further, customers might not take kindly to the idea that their addresses and phone numbers do not need to be encrypted. Not to mention that the admin area has access to the credit card field of the database (which is where the normal cc module puts the credit card info by default).

 

Cheers,

Matt

Always back up before making changes.

Link to comment

If it's encrypted, then why is it bad to store cc numbers? I could see maybe if someone guessed your password and got in, but what if that was really complex too?

Link to comment

Glad I found this thread folks!

 

I have spent the last 2 days securing my site with my shared SSL. All seems to be working perfectly on the user side of the catalog.

 

I too was hoping to secure that admin side. I got it secured so that all throughout the admin I was in an SSL session. HOWEVER, when I went into backup, I got the error that the directory did not exist (/backups) because it was looking in the username path for the domain that holds the certificate.

 

Mine would have been /home/turtlesm/catalog/admin/backups/ but it was looking in /home/upstatew/catalog/admin/backups instead.

 

I looked around for a way to change the backup storage path but had no luck and promptly reversed what I had done to encrypt the admin area. I have to log into the admin, but I would like to encrypt it due to the possibility of packet sniffers intercepting my credit card numbers while I am viewing them in admin.

 

If any one of you OSC geniuses (I obviously am not... but trying) has any idea, I sure would appreciate it. From the looks of it, a few others could use the tip as well.

 

Thanks in advance. This forum is the key to living in harmony with OSC. I love it!

 

John

Link to comment

John, I would try replacing all occurrences of DIR_FS_DOCUMENT_ROOT in admin/includes/configure.php with '/home/upstatew/turtlesm'.

 

If that doesn't work, could you post the DIR_FS entries from your admin/includes/configure.php ?

 

Thanks,

Matt

Always back up before making changes.

Link to comment
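Added example, not part of the original thread and not osCommerce code: a small Python check for the two problems raised above, an admin HTTP_SERVER that is not https (so the admin password travels in plain text) and DIR_FS_ paths that resolve under another account's home directory. The sample config, the hostname and the function names are constructed for illustration; the two home paths are the ones John quotes.

```python
import re

# Matches define('NAME', 'literal'); as written in admin/includes/configure.php.
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")

def parse_defines(php_text):
    """Return {constant: value} for defines whose value is a string literal."""
    defines = {}
    for line in php_text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("//", "#")):  # ignore commented-out defines
            continue
        for name, value in DEFINE_RE.findall(stripped):
            defines[name] = value
    return defines

def audit_admin_config(php_text, expected_home):
    """List findings; expected_home is the account directory the shop lives in."""
    defines = parse_defines(php_text)
    findings = []
    server = defines.get("HTTP_SERVER")
    if server is None:
        findings.append("HTTP_SERVER: no literal define found")
    elif not server.lower().startswith("https://"):
        findings.append(f"HTTP_SERVER: {server} is not https; admin login is sent in plain text")
    home = expected_home.rstrip("/") + "/"
    for name, value in sorted(defines.items()):
        if name.startswith("DIR_FS_") and not value.startswith(home):
            findings.append(f"{name}: {value} is outside {home}")
    return findings

# Constructed sample: the state John describes (paths under the certificate owner's account).
SAMPLE_CONFIG = """<?php
  define('HTTP_SERVER', 'http://shop.example');
  // define('HTTP_SERVER', 'https://shop.example');
  define('DIR_FS_DOCUMENT_ROOT', '/home/upstatew/');
  define('DIR_FS_BACKUP', '/home/upstatew/catalog/admin/backups/');
?>"""

# Constructed sample: https admin URL and paths under the shop's own account.
FIXED_CONFIG = """<?php
  define('HTTP_SERVER', 'https://shop.example');
  define('DIR_FS_DOCUMENT_ROOT', '/home/turtlesm/');
  define('DIR_FS_BACKUP', '/home/turtlesm/catalog/admin/backups/');
?>"""

if __name__ == "__main__":
    for finding in audit_admin_config(SAMPLE_CONFIG, "/home/turtlesm"):
        print(finding)
```

The check only reads defines whose value is a quoted string; a value built from a variable or another constant is not evaluated and has to be inspected by hand.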

> Sorry, been looking at this computer too long today. Yes, just change the path for HTTP_SERVER to the https url. However, there is no reason to use SSL on the admin area. As long as it is password protected you are fine. There is nothing there that needs to be encrypted.

My admin isn't password protected. The company I bought it from says they need to add a couple files and want to charge me 40 beans extra. Is there anything I can do to make the admin password protected? Honestly I don't know anything about writing code, and I am trying to keep this as user friendly as possible.

Link to comment

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.

Link to comment

Archived

This topic is now archived and is closed to further replies.
