Jump to content

Archived

This topic is now archived and is closed to further replies.

pete2007

Security updates for v2.2 rc1

Recommended Posts

My website uses osc v2.2 rc1 unfortunately I have so many addons installed on the site its impossible to upgrade to the latest version.

 

Just wanted to know which security updates I should install to help keep the site as secure as it can be?

 

Thank you in advance

Share this post


Link to post
Share on other sites

@@pete2007 , nothing is impossible. I know this because I've been there and done that. First from 2.2 to 2.3 and recently from 2.3.4 to the new community bootstrap version.

 

I have more addon and customization than you could shake a stick at.... So to say.

 

That said. Assuming you are using htaccess on your admin and renamed your admin (to something random) you've done most all you can.

 

I only hope you don't store credit card info in your database.

Share this post


Link to post
Share on other sites

It's not just security issues. osC 2.2 is incompatible with most current PHP installations (5.4 and maybe 5.3), and needs to be fixed to keep running. Take a long, hard look at what you have for add-ons and custom modifications. Install a test copy of 2.3.4 (and a copy of the database) and see what's already built-in, what's available as add-ons, and what modifications you'll have to make to older add-ons. You may be pleasantly surprised at how little you'll need to do, especially if many of your old add-ons are there for layout issues (now handled mostly with CSS) rather than data and functionality. In the long run, it will be a lot less effort to migrate your data to a fresh 2.3.4 install (and stay fairly current) than to try to keep patching something as ancient as 2.2 RC1. If nothing else, getting up to date will force you to discover and review what add-ons you actually have (you've probably forgotten a few), and whether you still need them.

Share this post


Link to post
Share on other sites

@@pete2007 Like above - nothing is impossible.

 

I was using 2.2RC2a and updated to 2.3.4 - take a look at my profile for the mods I have installed and working, also take a look at this link for my update adventure: http://forums.oscommerce.com/topic/395359-modding-up-a-new-2334-install-documented/

 

I then used another route to make my site responsive rather than use the BS version.


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Share this post


Link to post
Share on other sites

I whole-heartedly agree with the sentiments here. I went from a 2.2 with lots of mods to bootstrap.It took me a while but was really worth it. Lots of help here and some inexpensive addons sorted me out.

Very worth the effort  :D

Share this post


Link to post
Share on other sites

@@pete2007 The best thing to do would be to upgrade as others have mentioned. But in answer to your question, there really aren't any security updates, to speak of, for your version. If you can find the rc2a version, you could upgrade to it and that would add a few. But security updates are never released for oscommerce as full packages so there will be many security holes in your shop that are not fixed by that upgrade. You can run your site through this security tester to see if there are any obvious security holes. And there are security-type addons like http://addons.oscommerce.com/info/4441 and osc sec, and others that will help, though those should be installed no matter which version of oscommerce you use.

Share this post


Link to post
Share on other sites

×