This topic is now archived and is closed to further replies.

esm

Conflicting security warnings!


When I open the cart admin, I get this warning:

*****************************************************************

1. Edit this file: /home1/gbfenter/public_html/cart/catalog/admin/.htaccess

Remove the following lines if they exist:

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####

AuthType Basic

AuthName "osCommerce Online Merchant Administration Tool"

AuthUserFile /home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce

Require valid-user

##### OSCOMMERCE ADMIN PROTECTION - END #####

2. Delete this file:

/home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce

**************************************************************************

Those lines in the .htaccess file did not exist, so I did not have to remove them.

I deleted the .htpasswd_oscommerce file, then I refreshed the page.

The new message reads:

Additional Protection With htaccess/htpasswd

This osCommerce Online Merchant Administration Tool installation is not additionally secured through htaccess/htpasswd means.

The following files need to be writable by the web server to enable the htaccess/htpasswd security layer:

/home1/gbfenter/public_html/cart/catalog/admin/.htaccess

/home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce

Reload this page to confirm if the correct file permissions have been set.

The .htaccess file permissions are set to 644; the .htpasswd_oscommerce has been deleted per the earlier message. So, what in the world is this?

Thanks,

Ed


It's the message you get asking you to add htaccess to your admin section under configuration >> administration.

The permissions for these 2 files are normally 666 as they need to be written to.

nic


Sometimes you're the dog and sometimes the lamp post


No, the message did NOT ask me to add htaccess to the admin section.

It only asked that the htpasswd_oscommerce file had to be removed, which I did. Why then did the second message suggest to change the permission of a file that the first message asked me to remove? That does not make any sense at all.


That message is not an error; it's giving you information.

If you have htaccess protection on via the osC admin, this gives you information to remove it....

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####

AuthType Basic

AuthName "osCommerce Online Merchant Administration Tool"

AuthUserFile /home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce

Require valid-user

##### OSCOMMERCE ADMIN PROTECTION - END #####

Removal from the htaccess file will prevent the code calling the file htpasswd_oscommerce to test for the password.

If you remove the above code then you may as well remove the password + user name combination too from the htpasswd_oscommerce file.

Just removing the htaccess code should prevent the message from showing up though.

Nic



I did not have to remove those lines because they have NOT been in the file to begin with.

The htpasswd_oscommerce file is 1) empty and, per the 1st message, 2) had been deleted.

Are we talking about different things here?


It is only an information message, albeit a big one!!

You can remove the call to it if you prefer to, but it's not an error (even if it does look very much like one); think of it more as a friendly warning that you do not have .htaccess enabled.

If you were to enable it, then it would change to a smaller green message.

Nic



But I want to enable it! That was the whole point of this post in the first place!


OK, go to admin >> Configuration >> Administrators >

Click your admin name there, and then "EDIT". Now, where it asks for a new password, enter your existing password and also tick the checkbox under it, then update.

You should get an HTACCESS popup box asking for your details.

Any type of error will be permissions related; set the two files to 666.

Nic

And to be fair, it does not mention in your post that you want it enabled; it says you have a conflicting message.



OK, when I click on EDIT, it does ask me for a new password and there is no checkbox. I'm sure I'm doing something wrong here.


I got it: it won't show because the files do not have write permissions. Set the following to 666:

admin/.htaccess

admin/.htpasswd_oscommerce

The box will show then. Learn something new every day!!

Nic



OK, bingo!

Set both files to 666 and the protection did work now!

Thanks a bunch, Nic

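The thread turns on three things: whether the protection block is present in admin/.htaccess, whether .htpasswd_oscommerce exists with content, and whether both files can be written by the web server. The shell function below is an added example, not osCommerce code and not from any poster, that reports which of these holds for a given admin directory. The state names are invented here, and it assumes the web server is neither the owner nor in the group of the files, so only the "other" write bit matters.

```shell
#!/bin/sh
# Added example: classify the htaccess/htpasswd state of an osCommerce admin dir.
# Assumption: the web server account is neither owner nor group of the files,
# so it can write only when the "other" write bit is set (as with mode 666).

BEGIN_MARK='##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####'

# other_writable FILE: succeeds if FILE exists and its other-write bit is set.
other_writable() {
    [ -e "$1" ] || return 1
    # First 10 characters of ls -ld are type + rwx triplets; position 9 is other-write.
    case "$(ls -ld "$1" | cut -c1-10)" in
        ????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# osc_admin_state DIR: prints one of the (hypothetical) state names below.
osc_admin_state() {
    dir=$1
    ht="$dir/.htaccess"
    pw="$dir/.htpasswd_oscommerce"

    if [ -f "$ht" ] && grep -qF -- "$BEGIN_MARK" "$ht"; then
        # The block is in place, so Apache consults AuthUserFile on each request.
        if [ -s "$pw" ]; then
            echo "enabled"
        else
            echo "block-without-passwords"   # file missing or empty
        fi
        return 0
    fi

    # No block yet: enabling it needs both files present and writable.
    if other_writable "$ht" && other_writable "$pw"; then
        echo "ready-to-enable"
    else
        echo "not-writable"
    fi
}

# Stand-alone use: sh script.sh /path/to/catalog/admin
if [ $# -gt 0 ]; then
    osc_admin_state "$1"
fi
```

Mode 666 grants write access to every local account, not only the web server; the function reports what the permission bits allow, not who ought to have them.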

One of the things that threw me off was the message to remove the htpasswd_oscommerce file.


I did the same thing, replaced my administration.php but no bingo and no htaccess_oscommerce file, and no check mark in admin edit.....so not I am missing something...I must be the lamp post......Bill
