dubville Posted June 8, 2004 Share Posted June 8, 2004 Does anyone know how to make admin run on SSL and how to make it so admin is only accessable by myself? Link to comment Share on other sites More sharing options...
vasttech Posted June 8, 2004 Share Posted June 8, 2004 First, to enable SSL you have to have a certificate or access to a shared one on your host. Next you have to ENABLE_SSL in the admin/includes/configure.php file. As for password protection you can do that through .htaccess. Search the forums for further details as this question is asked almost daily. osCommerce Knowledge Base osCommerce Documentation Contributions Link to comment Share on other sites More sharing options...
Guest Posted June 8, 2004 Share Posted June 8, 2004 what do you do to make it secure in the config file? i see it says enable ssl catalog but nothing for the admin... it just has a path... do you just change the path? Link to comment Share on other sites More sharing options...
vasttech Posted June 8, 2004 Share Posted June 8, 2004 Sorry, been looking at this computer to long today. Yes just change the path for HTTP_SERVER to the https url. However, there is no reason to use SSL on the admin area. As long as it is password protected you are fine. There is nothing there that needs to be encrypted. osCommerce Knowledge Base osCommerce Documentation Contributions Link to comment Share on other sites More sharing options...
Guest Posted June 8, 2004 Share Posted June 8, 2004 yeah thats what i've been reading. so why do they have that feature there? Link to comment Share on other sites More sharing options...
♥ecartz Posted June 8, 2004 Share Posted June 8, 2004 Sorry, been looking at this computer to long today. Yes just change the path for HTTP_SERVER to the https url. However, there is no reason to use SSL on the admin area. As long as it is password protected you are fine. There is nothing there that needs to be encrypted.You mean besides the password? If you do not use SSL, then the admin password is passed plain text. Further, customers might not take kindly to the idea that their addresses and phone numbers do not need to be encrypted. Not to mention that the admin area has access to the credit card field of the database (which is where the normal cc module puts the credit card info by default). Cheers, Matt Always back up before making changes. Link to comment Share on other sites More sharing options...
Guest Posted June 8, 2004 Share Posted June 8, 2004 if its encrypted, then why is it bad to store cc numbers? i could see maybe if someone guessed your password and got in, but what if that was really complex too? Link to comment Share on other sites More sharing options...
usmedia Posted June 9, 2004 Share Posted June 9, 2004 Glad I found this thread folks! I have spent the last 2 days securing my site with my shared SSL. All seems to we working perfectly on the user side of the catalog. I too was hoping to secure that admin side. I got it secured so that all throughout the admin I was in an SSL session. HOWEVER, when I went into backup, I got the error that the directory did not exist (/backups) because it was looking in the username path for the domain that holds the certicficate. mine would have been /home/turtlesm/catalog/admin/backups/ but it was looking in /home/upstatew/catalog/admin/backups instead. I looked around for a way to change the backup storage path but had no luck and promptly reversed what I had done to encrypt the admin area. I have to log into the admin, but I would like to encrypt it due to the possibility of packet sniffers intercepting my credit card numbers while i am viewing them in admin. If anyone of you OSC geniuses (i obviously am not...but trying) has any idea, I sure would appreciate it. From the looks of it, a few others could use the tip as well. Thanks in advance. This forum is the key to living in harmony with OSC. I love it! John Link to comment Share on other sites More sharing options...
♥ecartz Posted June 9, 2004 Share Posted June 9, 2004 John, I would try replacing all occurrences of DIR_FS_DOCUMENT_ROOT in admin/includes/configure.php with '/home/upstatew/turtlesm'. If that doesn't work, could you post the DIR_FS entries from your admin/includes/configure.php ? Thanks, Matt Always back up before making changes. Link to comment Share on other sites More sharing options...
♥ecartz Posted June 10, 2004 Share Posted June 10, 2004 Another possible value to use in place of FS_DOCUMENT_ROOT is '/home/turtlesm' Hth, Matt Always back up before making changes. Link to comment Share on other sites More sharing options...
dubville Posted June 10, 2004 Author Share Posted June 10, 2004 Sorry, been looking at this computer to long today.? Yes just change the path for HTTP_SERVER to the https url.? However, there is no reason to use SSL on the admin area.? As long as it is password protected you are fine.? There is nothing there that needs to be encrypted. My admin isn't password protected. The company i bought it from says they need to add a couple files and want to charge me 40 beans extra. Is there anything I can do to make the admin password protected. Honestly i don't know anything about writing code, and I am trying to keep this as user friendly as possible. Link to comment Share on other sites More sharing options...
GraphicsGuy Posted June 10, 2004 Share Posted June 10, 2004 There are contributions for doing just that. http://www.oscommerce.com/community/contributions,1828 http://www.oscommerce.com/community/contributions,1174 Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.