Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Renaming /includes directory?


Guest

Recommended Posts

Is it not wise to rename the /includes directory to something else?

 

My point being if you made it harder for a hacker to know you were running Oscommerce, that would be better.

 

If so, which files to edit?

Link to comment
Share on other sites

I suppose it could be done, but it's a lot of work for dubious value. Just about every file has require('includes/application_top.php');, which has to be hardcoded with whatever name you choose. Ditto on the admin side. Many files hardcode includes/classes/, includes/functions/, etc. You could either change them with a new hardcoded name, or create an INCLUDES define in application_top.php and use that to build paths (similar to DIR_WS_ADMIN). Or, you could build an INCLUDES_CLASSES, INCLUDES_FUNCTIONS, etc. and use those, rather than scattering hardcoded paths throughout the product.

 

What would you hope to gain out of this? No one should be able to see the includes directory (files or their content) from the outside. If they guess that it's osC, I suppose they might be able to do something with that information, such as run injected files, but if you've got alien files planted on your site, you have bigger things to worry about than whether they're using your includes files!

 

The whole point of changing the name of admin is to make it very difficult to run admin scripts (if you don't know the path to the script). There should be nothing in includes to run by itself. You can always turn off indexing or add a dummy index.html, if you don't want hackers listing the files in your includes directory. As far as confusing hackers, if you've got a store that doesn't externally claim to be osC, they'll throw everything at it to see what gets in, including any hacks known for osC (as well as other carts). It won't slow them down much to hide the fact that it's osC powered.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...