Securing /htdocs/store/catalog/admin

12-15-04, 12:49 PM

I recently set up OsCommerce and I don't have the pink error messages at the top of the page so I suppose I followed the instructions fairly well, including the chmod instructions. However, now I'm concerned about securing the "admin" folder, or I'm just very confused. When I go to "mysite.com/+filemanager" and navigate to the htdocs/store/catalog/admin folder I see it says "Password Protected - No." But when I go to "mysqlXX.powweb.com" it DOES require me to enter a password so I think it really is secure. I'm lost.
I use FrontPage and I've seen a lot of conflicting advice about setting passwords using FP (somehow) or messing around with .htaccess. I don't know what to do next. Any help would be greatly appreciated.

stevel · 12-15-04, 02:42 PM

The MySQL access is something entirely different.

You need to establiish password protection for the admin folder. There is a .htaccess file already present in admin, you need to edit it to establish password protection as described at http://help.powweb.com/tutorials/hta...assprotect.php However, as you say you are using FP, I don't know how that conflicts and you';ll need to look in the FP section of the forum for help with that.

The other thing you may want to consider is renaming the admin folder to be something else that is hard to guess. You would have to edit the admin/includes/configure.php to adjust for that.

Lastly, remove admin/file_manager.php It doesn't work well and is a security problem should anyone gain access to your admin panel.

12-15-04, 03:31 PM

Thanks for the prompt reply. I'll get rid of file_manager.php right away and I'll try to follow the FrontPage-specific instruction on the tutorials link. I had actually seen and read that before posting but, as I said, I got confused about what password did what. Thanks again, I'm sure I'll be back with more questions.

12-15-04, 12:49 PM	#1
vgrieco Posts: n/a	Securing /htdocs/store/catalog/admin I recently set up OsCommerce and I don't have the pink error messages at the top of the page so I suppose I followed the instructions fairly well, including the chmod instructions. However, now I'm concerned about securing the "admin" folder, or I'm just very confused. When I go to "mysite.com/+filemanager" and navigate to the htdocs/store/catalog/admin folder I see it says "Password Protected - No." But when I go to "mysqlXX.powweb.com" it DOES require me to enter a password so I think it really is secure. I'm lost. I use FrontPage and I've seen a lot of conflicting advice about setting passwords using FP (somehow) or messing around with .htaccess. I don't know what to do next. Any help would be greatly appreciated.

12-15-04, 02:42 PM	#2
stevel XPW Join Date: Jun 2002 Location: New Hampshire, USA Posts: 9,464 Reputation: 265	The MySQL access is something entirely different. You need to establiish password protection for the admin folder. There is a .htaccess file already present in admin, you need to edit it to establish password protection as described at http://help.powweb.com/tutorials/hta...assprotect.php However, as you say you are using FP, I don't know how that conflicts and you';ll need to look in the FP section of the forum for help with that. The other thing you may want to consider is renaming the admin folder to be something else that is hard to guess. You would have to edit the admin/includes/configure.php to adjust for that. Lastly, remove admin/file_manager.php It doesn't work well and is a security problem should anyone gain access to your admin panel. __________________ Steve

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

12-15-04, 03:31 PM	#3
vgrieco Posts: n/a	Thanks for the prompt reply. I'll get rid of file_manager.php right away and I'll try to follow the FrontPage-specific instruction on the tutorials link. I had actually seen and read that before posting but, as I said, I got confused about what password did what. Thanks again, I'm sure I'll be back with more questions.