osCommerce

Does a hard coded password do anything? also SSL


pick1e

I implemented a shopping cart years ago before osC was around. They had a second password for the admin that was coded into the login file. Each user entered two passwords: their own, and then the coded one. I guess this was a level of protection in case someone managed to gain access to the database, but it would prevent them from logging on as an admin.

 

I'm thinking that nowadays password protecting the admin directory on the server accomplishes the same thing? Just curious.

 

Furthermore, shouldn't I force access to the admin via SSL so my passwords won't be flying around the interweb? Does osc have a way to do that or is that done at the server?

 

Thanks again.

--------------------------------

Justin

 

osC is awesome. Thanks everyone.


I'm not sure that this is such a great idea, as it might be visible via the page source. In all likelihood, if someone has hacked into your database then there would be little point logging into the store, as all info is taken from the database in the first place.

Yes you should make the admin folder SSL and of course rename it from admin!

This add-on will add htaccess protection to your admin folder if you wanted to use htaccess but still only log in the once:

http://addons.oscommerce.com/info/7170

If you would like two passwords then yes, add another layer with cPanel htaccess. This has an added benefit of the htpasswd file being far away from the actual install.

Nic

Sometimes you're the dog and sometimes the lamp post



Cool, that's what I was thinking. Thanks for the info. I have already renamed the admin and password protected it with the server's control panel. Any info on how to go about forcing SSL for the control panel? Is this done through osC code or in the server's control panel? I need to force it because I have other admins I don't trust to use https always.

 

Thanks

--------------------------------

Justin

 

osC is awesome. Thanks everyone.
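
An added example, not part of the thread and not osCommerce code: one server-side way to force HTTPS on the renamed admin directory, assuming Apache with mod_ssl and `.htaccess` overrides enabled, so that admins cannot be prompted for a password over plain HTTP. The hostname, directory name and password-file path are constructed placeholders.

```apache
# .htaccess in the renamed admin directory (Apache with mod_ssl assumed).
# Constructed placeholders: shop.example, /renamed-admin/, CPANEL_USER.

# Refuse every request that did not arrive over TLS. mod_ssl applies this
# during the access check, before Basic authentication runs, so a plain-HTTP
# request is answered with 403 and the browser never shows a password prompt
# on the cleartext connection.
SSLRequireSSL

# Turn that 403 into a redirect to the HTTPS admin URL instead of an error page.
ErrorDocument 403 https://shop.example/renamed-admin/

# The second password layer discussed in the thread (HTTP Basic auth).
AuthType Basic
AuthName "Restricted"
# Keep the password file outside the web root, away from the osCommerce install.
AuthUserFile /home/CPANEL_USER/.htpasswds/renamed-admin/passwd
Require valid-user
```

The `ErrorDocument` line applies to every 403 raised in this directory, so it is best kept in the admin directory's own `.htaccess` rather than the site root.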


Archived

This topic is now archived and is closed to further replies.
