OSCommerce Admin not working!

[mresell]

Quote:

Originally Posted by Emilio

Is .htaccess enough to protect our store from hackers?
Does anybody use ikobo's payment contribution ?

.htaccess can hinder, but last I checked it was crackable, however, I think the crack counts on a real password and grp/usr directory. If your .htaccess has non existent grp/ user directories it will stop access and function... just have to remove/rename it for access.

[Emilio]

So after all, it can be considered a good protection option.

PS: ikobo looks good on the fees part and also for coverage. I want to include this service as a secondary payment gateway. Does anybody have experience with it ? Has anyone installed it's osc payment module ?

[mresell]

The more you put up the more diff you make it for crackers. The other thing w/ using passwords is, of course, the fact that they are often not encrypted via ssl or other means.

[Emilio]

Ok. So besides .htaccess, what is the best option to secure my folders ?

[mresell]

Depends on the folders. Make sure you have a blank index in folder, set permissions properly. Do some things need to be available via web or out of web reach? It is always a multipronged approach. I assure you security ain't that simple, but each aspect has to have specifics. SSL encrypts things in transit. Keep things out of proper bot range. However, if something is on the web there is only so much security to be had.

[Emilio]

So true ... I alread did what you said so I guess I'm prety secure ...

[ixie02]

Quote:

Originally Posted by Emilio

So true ... I alread did what you said so I guess I'm prety secure ...

Can't we have folders above the root that no one can access except the site itself such as scripts. Seems like I did this once but I'm not sure if it was with Vortec.

[mresell]

Quote:

Originally Posted by ixie02

Can't we have folders above the root that no one can access except the site itself such as scripts. Seems like I did this once but I'm not sure if it was with Vortec.

Yeah I, that is what I meant by out of web reach. For instance, I am not a huge fan of Amazon's tendancy to store cc information froma web store. This has to be done very carefully via seperate db encrypted w/ a diff relationship to other data.

[ixie02]

Quote:

Originally Posted by mresell

Yeah I, that is what I meant by out of web reach. For instance, I am not a huge fan of Amazon's tendancy to store cc information froma web store. This has to be done very carefully via seperate db encrypted w/ a diff relationship to other data.

Seems like register.com/namebargain.com stores cc also. That spooks me.

[Emilio]

Yeah, but this is not the case if we have a little online store with only one small database which can be backed up anytime to our own harddrive.

[craigdunlop]

Quote:

Originally Posted by Emilio

Yeah, but this is not the case if we have a little online store with only one small database which can be backed up anytime to our own harddrive.

Really depends on what you're storing in the database (personal details, cc numbers, etc), how good your encryption and password routines are and what and where from it can be accessed. I think you're better off leaving it to your payment gateway to store and take care of numbers - they have the insurance, IT support, and credibility/assurance customers require ...sometimes :-)

Have you looked into the OsCommerce forums for how others are giving their stores/databases high security - good thing about OsCommerce is that if you need to do something with it you can be assured others have already trodden that path. I'd like to look into Zen cart one day also, as I think OsCommerce stopped development some time back and now has a different name (maybe wrong there...)

Cheers

[Emilio]

Quote:

Originally Posted by craigdunlop

Really depends on what you're storing in the database (personal details, cc numbers, etc), how good your encryption and password routines are and what and where from it can be accessed. I think you're better off leaving it to your payment gateway to store and take care of numbers - they have the insurance, IT support, and credibility/assurance customers require ...sometimes :-)

I think this is what I'll do, moreover, I will explain to my customers about ikobo's securized payment procedure and how my payment processor is handling their info and stuff ... because they are always afraid of how their cc or personal info might be used on the internet. Am I right ?