Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Conflicting security warnings!


esm

Recommended Posts

When I open the cart admin, I get this warning:

*****************************************************************

1. Edit this file: /home1/gbfenter/public_html/cart/catalog/admin/.htaccess

 

Remove the following lines if they exist:

 

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####

AuthType Basic

AuthName "osCommerce Online Merchant Administration Tool"

AuthUserFile /home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce

Require valid-user

##### OSCOMMERCE ADMIN PROTECTION - END #####

 

2. Delete this file:

 

/home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce

**************************************************************************

Those lines in the .htaccess file did not exist, so I did not have to remove them.

 

I deleted the .htpasswd_oscommerce file then I refreshed the page.

 

The new message reads:

 

Additional Protection With htaccess/htpasswd

 

This osCommerce Online Merchant Administration Tool installation is not additionally secured through htaccess/htpasswd means.

 

The following files need to be writable by the web server to enable the htaccess/htpasswd security layer:

/home1/gbfenter/public_html/cart/catalog/admin/.htaccess

/home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce

 

Reload this page to confirm if the correct file permissions have been set.

 

The .htaccess file permissions are set to 644, the .htpasswd_oscommerce has been deleted per the earlier message. So, what in the world is this?

 

Thanks,

 

Ed

Link to comment
Share on other sites

No, the message did NOT ask me to add htaccess to the admin section.

 

It only asked that the htpasswd_oscommerce file had to be removed, which I did. Why then did the second message suggest to change the permission of a file that the first message asked me to remove. That does not make any sense at all.

Link to comment
Share on other sites

that message is not an error its giving you information.

if you have htaccess protection on via the osC admin, this gives you information to remove it....

 

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####

AuthType Basic

AuthName "osCommerce Online Merchant Administration Tool"

AuthUserFile /home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce

Require valid-user

##### OSCOMMERCE ADMIN PROTECTION - END #####

removal form the htaccess file will prevent the code calling the file htpasswd_oscommerce to test for the password,

If you remove the above code then you may as well remove the password + user name combination too from htpasswd_oscommerce file.

just removing the htaccess code should prevent the message from showing up though

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

I did not have to remove those lines because they have NOT been in the file to begin with.

 

The htpassword_oscommerce file is 1) empty and, per the 1st message, 2) had been deleted.

 

Are we talking about different things here?

Link to comment
Share on other sites

it is only an information message. albeit a big one!!

You can remove the call to it if you prefer to , but its not an error (even if it does look very much like one) think of it more as a friendly warnig you do not have .htaccess enabled.

If you were to enable it then i would change to a smaller Green message

 

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

ok got to admin >> Configuration >> administrators >

Clcik your admin name there, and then "EDIT", not where it asks for a new password, enter your existing password and also tick the checbox under it, now update.

You should get an HTACCESS popup box asking for your details.

 

any type of error will be permissions related, set the two files to 666

 

Nic

 

And to be fair,it does not mention that in your post you want it enables it says yo have a conflicting message

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

  • 1 year later...

I did the same thing, replaced my administration.php but no bingo and no htaccess_oscommerce file, and no check mark in admin edit.....so not I am missing something...i must be the lamp post......Bill

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...