
osCommerce on nginx platform(minor question only)


gerardpacete


Hi everyone, sorry I'm a newbie here. I want to know how to get rid of the "Additional Protection With htaccess/htpasswd" warning on the admin panel under Configuration >> Administrators.

I am using nginx, not Apache, and thus .htaccess is not functioning.

Attached is the photo.

It's not a major problem actually but just a bit disturbing.

OsCommerce is running very well on my own server. Thumbs up guys and thanks!


LEMP Server Platform User/Administrator


First, you should be using your hosting control panel's option to password protect the admin directory (and its children), if such a service is offered. It has the best odds of working properly for you, on your particular server platform. Only if no such protection is offered, should you try to use what is shipped with osC (which may require considerable rewriting, if you are not on an Apache server).
 
Second, /admin/administrators.php contains the code which gives you the warning. It attempts to read the DIR_FS_ADMIN/.htpasswd_oscommerce file, and if it does not exist, or does not contain certain information, it will give an error message. If you know for a fact that your admin is secured by other means, and need to eliminate the spurious error message, you could disable the check. Depending on your version, you might comment out most of the checks:
 

#  if (is_array($htpasswd_array)) {
#    if (empty($htpasswd_array)) {
#      $secMessageStack->add(sprintf(HTPASSWD_INFO, implode('<br />', $authuserfile_array)), 'error');
#    } else {
      $secMessageStack->add(HTPASSWD_SECURED, 'success');
#    }
#  } else if (!$is_iis) {
#    $secMessageStack->add(HTPASSWD_PERMISSIONS, 'error');
#  }

It's possible that other operations, such as updating (rewriting) the password file, may need to be disabled, but we'll cross that bridge when we come to it.


@MrPhil Thanks, I will try your suggestions. I am running my own server and I can customize it the way I need it.

As far as security issues are concerned, there will be no problem if I disable those security checks, right?

I already tried to delete the .htaccess last time since my server does not actually impose its rules and I get those errors that you mentioned. It's just that I cannot keep myself disturbed seeing those red and warning lines B)

And I post here because maybe others have alternative ways instead of using .htaccess as secondary level protection.

I am not that expert in server supercomputers yet and still in the process of learning, especially security layers. And all this open source community teaches me a lot.

Thanks again and looking forward to contributing to this community soon.

LEMP Server Platform User/Administrator


If you are running your own server to save money, you are very likely to be hacked. About 90% of running a server is keeping on top of the latest attacks and how to secure your system. From the questions you're asking, you don't sound very experienced on the security aspects of running a server exposed to the public. Good luck.

 

I don't think there's any harm in turning off the warning about password protection, provided that you are actually implementing some equivalent security measures. It's just there to remind you that your store is not as secure as it could be. It's not going to disable your store if it finds that you have no password protection.


  • 3 weeks later...


Thanks! I just removed all those red warning lines since htaccess is not valid on my server as well. :) But if you can advise further security measures for the store in NGINX that work like Apache htaccess, it will be much appreciated :)

I am aware of security measures of server-side computing (although not so experienced yet) on the NGINX platform though. And sometimes, I personally let attackers hack my system so I can be more wary of their ways and methods.

For now, I will mark this thread solved as my question in full-details.

Cheers bro! :beers:  :)

LEMP Server Platform User/Administrator


Just as a side note/warning:

It is almost impossible to run osC (safe) on nginx, as it also relies, for the

- includes folder,
- images folder,
- downloads folder

etc. etc., on htaccess.

So besides just your question for the admin.... be aware that these folders are also accessible.



I appreciate your concern Sir, but actually I'm running osC on NGINX without any issues yet. I also secured the directories using NGINX HTTP authentication. As I checked on the internet, it is actually the same as Apache .htaccess or .htpasswd security protection. :)

Thanks and Regards to all!!! :)

LEMP Server Platform User/Administrator


For Update:

I already know how to set the NGINX HTTP authentication to work just the way osC needs it to. Now I changed back all the changes I made on administrator.php to check everything including the security feature and no more red warning signs :)

Thanks for your help guys and thanks for the security advice. That made me really think how to cope up with osC suggested security features  :sweating:

Cheers! :beers:

LEMP Server Platform User/Administrator
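
An added example, not written by any poster in this thread or by the osCommerce project: an nginx fragment for what the replies above describe, HTTP basic auth on the admin directory plus the folders said to depend on .htaccess. The folder names follow the thread's wording and should be matched to the actual install; the htpasswd path and PHP-FPM socket are assumptions.

```nginx
# Added example; goes inside the shop's server { } block.
# Assumed: shop at the web root, folder names as written in the thread,
# htpasswd file outside the web root, PHP-FPM on a unix socket.

# nginx does not hide .htaccess/.htpasswd* files as a stock Apache config does.
location ~ /\.ht {
    deny all;
}

# "^~" keeps the server-level regex PHP location below from taking over
# /admin/*.php, which would serve admin scripts without auth_basic.
location ^~ /admin/ {
    auth_basic           "osCommerce admin";
    auth_basic_user_file /etc/nginx/htpasswd_oscommerce;  # assumed path

    location ~ /\.ht { deny all; }

    location ~ \.php$ {
        try_files     $uri =404;
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  unix:/run/php/php-fpm.sock;         # assumed socket
    }
}

# Include files are loaded by PHP itself; refuse direct requests for them.
location ^~ /includes/ {
    location ~ \.php$ { deny all; }
}

# Static content only: nothing under images may reach the PHP handler.
location ^~ /images/ {
    location ~ \.php$ { deny all; }
}

# Assumes downloads are handed out by a shop script, never fetched directly.
location ^~ /downloads/ {
    deny all;
}

# Everything else that ends in .php.
location ~ \.php$ {
    try_files     $uri =404;
    include       fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass  unix:/run/php/php-fpm.sock;             # assumed socket
}
```

Check the syntax with `nginx -t` before reloading, then confirm that an unauthenticated request for a script under /admin/ returns 401 rather than the page.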


Archived

This topic is now archived and is closed to further replies.
