Clarifying v 2.3.1 Security Setup (General List of To-Do's)

I've been poking around a bit on security tips for version 2.3.1. I see a pinned forum for 2.2 and wanted to clarify that my to-do's are sound and correct. If you don't consider yourself an authority on security setup, please refrain from commenting:


1.) Renaming the "admin" folder?

I've seen a few posts for earlier versions but nothing concrete for 2.3.1. My guess is this is still recommended? If it is, please clarify the application variables and their filenames (or line numbers) that need to be edited...


2.) I see in the technical specs that osCommerce runs on PHP4; as a matter of fact, that is what is running for my installation. However, is it recommended to run it on PHP5? Since this is a fresh-start shopping cart, I'd like to hit the ground running with the preferred PHP platform. My guess is to go ahead and upgrade... Not to mention, there are a few security add-ons that require PHP5, if I'm not mistaken...


3.) A curious question about domains and SSLs...

My current site architecture is:


http://my-site.com (domain forwarding applied for marketing purposes; can't change the forwarding until shopping cart and new Web site build-out is completed)


http://dev.my-site.com (being used for development purposes; wordpress)

https://shop.my-site.com (oscommerce 2.3.1)


With that in mind, I have purchased an SSL certificate and modified my config.php files according to some of the information found in these forums. When I visit the shop. site, I see an exclamation point on the security icon in the lower-right corner of my Firefox shell. The warning implies "This web site does not supply ownership information" and "Not verified." So my first question is whether or not the exclamation point is related to those two messages and, two, if so, how do I correct that? My guess is that since I'm forwarding at the domain level to "ohgave.com" and my certificate is registered to "sohgave.com", that is the cause. Once I stop the forwarding, the certificate will have the verification it needs to satisfy the security criteria, correct?
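Whether the certificate's name covers the host is a separate check from the "ownership information" text: in Firefox, a certificate whose name does not match the host you connected to produces a blocking untrusted-connection error rather than a note in the page-info panel, and "does not supply ownership information" is what Firefox shows for a domain-validated certificate, which carries no organisation name. The name-matching rule itself (RFC 6125 section 6.4.3 for DNS names: exact match, or a single leading `*` standing for exactly one label) is what the script below applies to the hostnames from the post. It is an added example, not code from the original post or from osCommerce; the certificate name lists are constructed for illustration, and the real names can be read from the browser's certificate viewer.

```python
"""Does a certificate's DNS name cover the host the browser connected to?

Added example, not part of the original forum post. Implements the RFC 6125
reference-identifier rule for DNS names: exact (case-insensitive) match, or a
wildcard that is the entire left-most label and matches exactly one label, so
"*.my-site.com" covers "shop.my-site.com" but not the apex "my-site.com".
The certificate name lists at the bottom are constructed for illustration.
"""


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if certificate DNS name `pattern` covers `hostname`."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    labels = pattern.split(".")
    # Wildcard only as the whole left-most label, and never for a bare "*.tld".
    if labels[0] != "*" or any("*" in lbl for lbl in labels[1:]) or len(labels) < 3:
        return False
    host_labels = hostname.split(".")
    # '*' stands for exactly one label: no apex, no "a.b.my-site.com".
    return len(host_labels) == len(labels) and host_labels[1:] == labels[1:]


def cert_covers_host(san_dns_names, hostname) -> bool:
    """True if any subjectAltName DNS entry matches the hostname.

    Browsers check subjectAltName; the Common Name is only a legacy fallback,
    so a certificate issued for one hostname covers that one hostname.
    """
    return any(dns_name_matches(name, hostname) for name in san_dns_names)


def explain(san_dns_names, hostname) -> str:
    """One report line per host, for the dry run below."""
    ok = cert_covers_host(san_dns_names, hostname)
    verdict = "matches" if ok else "NAME MISMATCH (browser will show an error)"
    return f"{hostname:<20} vs {san_dns_names}: {verdict}"


# Constructed: a certificate issued for the shop hostname only, as in the post.
SHOP_CERT_SANS = ["shop.my-site.com"]
# Constructed: a wildcard certificate that also lists the apex explicitly.
WILDCARD_CERT_SANS = ["*.my-site.com", "my-site.com"]

if __name__ == "__main__":
    for host in ["shop.my-site.com", "my-site.com", "www.my-site.com", "dev.my-site.com"]:
        print(explain(SHOP_CERT_SANS, host))
    print()
    for host in ["shop.my-site.com", "my-site.com", "www.my-site.com", "a.b.my-site.com"]:
        print(explain(WILDCARD_CERT_SANS, host))
```

The practical consequence for the architecture in the post: the certificate for shop.my-site.com is correct for https://shop.my-site.com, and would only be at fault if a browser were sent to https://my-site.com or another name it does not list.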
1) The whole world knows the default osCommerce admin folder is called ...... admin. Scripts seek this out, then once found try to invade. It's a stupid idea calling your admin "admin"!

2) Best served with PHP5 since years back. 2.2 MS was PHP4, then when PHP 5 came out a lot of sites refused to work. 2.2 RC2a is PHP5-suitable, but post 5.3 you will get deprecation warnings, and when PHP 6 arrives it will not work. 2.3.1 is OK.
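For point 1 of the question and the reply, here is the rename done as a script rather than by hand, so that the two things people forget (patching the path constants, and finding files that still hard-code the old path) are handled in the same step. This is an added example, not code from the thread or from osCommerce. It assumes that osCommerce 2.3.1 keeps the admin paths in `<admin>/includes/configure.php` as `define()`s named `DIR_WS_ADMIN` and `DIR_FS_ADMIN` and that nothing else hard-codes the directory name; the second assumption is checked rather than trusted, by scanning every `.php` and `.htaccess` file under the catalog for the old `/admin/` path afterwards. Renaming only removes the directory from scanners' default wordlists; the admin login and the web server's own access controls still have to do the real work.

```python
"""Rename the osCommerce admin directory and patch its configure.php.

Added example, not part of the original thread and not osCommerce's own code.
Assumptions: osCommerce 2.3.1 keeps the admin paths in
<admin>/includes/configure.php as define()s named DIR_WS_ADMIN and DIR_FS_ADMIN,
and nothing else hard-codes the directory name. The second assumption is
verified after the rename by scanning for the old '/admin/' path.
"""
import os
import re
import secrets
import sys
import tempfile


def random_admin_name(prefix="backoffice-"):
    """A directory name a scanner will not guess (the owner may pick any other)."""
    return prefix + secrets.token_hex(4)


def patch_admin_defines(source, old_name, new_name):
    """Rewrite DIR_WS_ADMIN / DIR_FS_ADMIN define() values ending in '/old_name/'.

    Returns (patched_source, replacement_count). A DIR_FS_ADMIN derived as
    DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN holds no literal name and is left alone.
    """
    pattern = re.compile(
        r"(define\(\s*'DIR_(?:WS|FS)_ADMIN'\s*,\s*'[^']*/)" + re.escape(old_name) + r"(/'\s*\))")
    return pattern.subn(lambda m: m.group(1) + new_name + m.group(2), source)


def find_hardcoded_references(root, old_name):
    """(path, line_no, line) for every .php/.htaccess line still containing '/old_name/'.

    Every hit (a hard-coded link, a rewrite rule, an add-on that assumes the old
    path) has to be fixed by hand before the rename is complete.
    """
    needle = "/" + old_name + "/"
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not (fn.endswith(".php") or fn == ".htaccess"):
                continue
            path = os.path.join(dirpath, fn)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits += [(path, n, line.rstrip("\n"))
                         for n, line in enumerate(fh, 1) if needle in line]
    return hits


def rename_admin(catalog_root, old_name="admin", new_name=None):
    """Rename <catalog_root>/<old_name>, patch its configure.php, report leftovers."""
    new_name = new_name or random_admin_name()
    old_dir = os.path.join(catalog_root, old_name)
    new_dir = os.path.join(catalog_root, new_name)
    if not os.path.isdir(old_dir):
        raise FileNotFoundError(old_dir)
    if os.path.exists(new_dir):
        raise FileExistsError(new_dir)  # never clobber an existing directory
    os.rename(old_dir, new_dir)
    cfg = os.path.join(new_dir, "includes", "configure.php")
    with open(cfg, encoding="utf-8") as fh:
        patched, count = patch_admin_defines(fh.read(), old_name, new_name)
    with open(cfg, "w", encoding="utf-8") as fh:
        fh.write(patched)
    return {"new_name": new_name, "defines_patched": count, "configure": patched,
            "leftovers": find_hardcoded_references(catalog_root, old_name)}


# Constructed stand-in for a 2.3.1 tree, for a stand-alone dry run; not a real install.
CONSTRUCTED_CONFIGURE_PHP = """<?php
  define('HTTP_SERVER', 'https://shop.my-site.com');
  define('DIR_FS_DOCUMENT_ROOT', '/var/www/shop/');
  define('DIR_WS_ADMIN', '/admin/');
  define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
  define('DIR_WS_CATALOG', '/');
?>
"""


def demo():
    """Run the rename on the constructed tree in a temp dir and return the report."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "admin", "includes"))
        with open(os.path.join(root, "admin", "includes", "configure.php"), "w") as fh:
            fh.write(CONSTRUCTED_CONFIGURE_PHP)
        with open(os.path.join(root, "footer.php"), "w") as fh:  # constructed leftover
            fh.write('<a href="/admin/index.php">staff login</a>\n')
        return rename_admin(root, new_name="backoffice-7f3a")


if __name__ == "__main__":
    # Usage: rename_admin.py <catalog_root> [new_name]; with no arguments, dry-run the demo.
    if len(sys.argv) < 2:
        report = demo()
    else:
        report = rename_admin(sys.argv[1], new_name=sys.argv[2] if len(sys.argv) > 2 else None)
    print("admin directory is now:", report["new_name"], "| defines patched:", report["defines_patched"])
    for path, n, line in report["leftovers"]:
        print(f"still references the old path: {path}:{n}: {line.strip()}")
```

Run it against a copy of the install first and read the leftover list: in the constructed tree the catalog's footer link is exactly the kind of reference that would otherwise keep pointing at the old, now non-existent, URL. After the real rename, request the old path and confirm the web server answers 404 rather than redirecting to the new name.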

