Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

/ext directory & HTTP Authentication


thumb

Recommended Posts

I know this has had to been asked a million times but searching showed exactly no results. How do I fix these security checks:

 

HTTP Authentication has not been set up for the osCommerce Administration Tool

and the /ext/ directory is publicly accessible and/or browsable - please disable directory listing for this directory in your web server configuration.

Link to comment
Share on other sites

  • 2 weeks later...

Note that many hosts no longer permit Options -Indexes in an .htaccess file, for security reasons. An alternative is to create an empty index.html file in that directory, or one that contains a cute message like "You lookin' at me? I said, are you lookin' at me?". The idea with any of these methods is that the system will no longer automatically generate an "index" file listing the directory contents. Be aware that any directories under /ext would need to get their own index.html files.

HTTP Authentication is supposed to ask you for an ID and password when you access "protected" areas of the site, such as the admin. osC supplies some suggested files to do this, but they don't work on many servers. Your hosting control panel ought to provide some sort of "password protect a directory" function, which will do the same thing. If you use your host's method, osC's security check might not recognize it, and claim you're unprotected. As long as you have to enter an ID and password to get into the admin, you can ignore osC's warning.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...