
securing admin? how do I do it?

This is a discussion on securing admin? how do I do it? within the osCommerce 2.2 Installation Help forums, part of the osCommerce 2.2 Forums category.

      
  1. #1
    Member

    Apologies if it's obvious -- my client noticed that it wasn't secure and I need to fix it pronto pronto! I thought it would be secure because I reinstalled and got the SSL working for the catalog (checkout is currently secure). Why isn't the admin secure? Do I need to reinstall again?

    Thanks ahead,
    Greg

  2. #2
    osCMax Developer


    Hi,

    you need to edit the admin/includes/configure.php file.

    Find the http server define and change it to your https url. Do the same for the https define. Make sure use ssl is set to 'True'.

    That should secure it for you...
    Michael Sasek
    osCMax Developer



  3. #3
    Member

    Thanks a heap! Worked like a charm.

    Cheers,
    Greg

  4. #4
    Lurker

    Hello,
    I just did that and now it is showing as 'You are protected by a unknown secure SSL connection.' Please help.

    David

  5. #5
    Active Member

    It's SSL. You're good.

  6. #6
    Lurker

    How did you get the checkout working? I am having a terrible problem in connecting the checkout, create account etc to SSL. Am using a shared SSL connection and it is having database problems.

  7. #7
    Active Member

    Quote: Originally Posted by sagarc
    How did you get the checkout working? I am having a terrible problem in connecting the checkout, create account etc to SSL. Am using a shared SSL connection and it is having database problems.

    I put it in the wiki. I tested it using both a cert and a shared cert. Just follow the wiki.

    http://oscdox.com/modules.php?op=mod...p;pagename=SSL

  8. #8
    Member

    I had to change the following line of code in the admin index.php file before it would recognise that the connection is secure (seems to be a peculiarity of this 1&1 server):

    around line 236:
    if (getenv('HTTPS') == 'on')
    changed to:
    if (getenv('HTTPS') == '1')

    The variable SSL_CIPHER_ALGKEYSIZE does not seem to be available on my server so I'm getting the message "...unknown secure SSL connection".

  9. #9
    osCMax Developer


    "...unknown secure SSL connection".
    If anyone is interested, this is usually due to the Apache environment not making the ModSSL environment variables available to virtual accounts.

    If your host allows htaccess and is using ModSSL, you should be able to add the following directive to your /admin .htaccess file to enable the SSL environment variables:

    Code:
    SSLOptions +CompatEnvVars

    Then, you should change the following line (341 in oscmax v2) in /admin/index.php:

    Code:
        $size = ((getenv('SSL_CIPHER_ALGKEYSIZE')) ? getenv('SSL_CIPHER_ALGKEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>');

    to

    Code:
        $size = ((getenv('SSL_KEYSIZE')) ? getenv('SSL_KEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>');

    That will allow osCMax to read the ModSSL environment variable 'SSL_KEYSIZE' and the admin page will correctly display the level of encryption your cert is using.
    Michael Sasek
    osCMax Developer
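
The two host differences described in posts #8 and #9 (HTTPS reported as '1' rather than 'on', and the key size exposed as SSL_KEYSIZE rather than SSL_CIPHER_ALGKEYSIZE) can be handled in one check instead of a per-host edit. This is an added example, not osCMax code and not written by any poster in this thread; the function names are hypothetical and it assumes PHP 7.1 or later.

```php
<?php
// Added example: tolerant detection of the TLS state shown on the admin page.
// Function names are hypothetical; only the variable names come from the thread.

/** True when the server reports the request as HTTPS ('on', or '1' as in post #8). */
function connection_is_secure(array $env): bool
{
    $https = strtolower(trim((string) ($env['HTTPS'] ?? '')));
    return in_array($https, ['on', '1'], true);
}

/** Key size in bits from whichever variable the host exposes, or null if neither. */
function cipher_key_bits(array $env): ?int
{
    foreach (['SSL_CIPHER_ALGKEYSIZE', 'SSL_KEYSIZE'] as $name) {
        $value = $env[$name] ?? '';
        // Accept digits only: the value is later written into the admin HTML.
        if (is_string($value) && ctype_digit($value) && (int) $value > 0) {
            return (int) $value;
        }
    }
    return null;
}

/** Status text for the admin box; "unknown" means TLS is on but no size is exposed. */
function describe_connection(array $env): string
{
    if (!connection_is_secure($env)) {
        return 'not secure';
    }
    $bits = cipher_key_bits($env);
    return ($bits === null ? 'unknown' : $bits . '-bit') . ' secure SSL connection';
}

// Constructed sample environments; in the admin page you would pass $_SERVER.
$samples = [
    'mod_ssl, standard vars'   => ['HTTPS' => 'on', 'SSL_CIPHER_ALGKEYSIZE' => '256'],
    'HTTPS=1, no SSL vars'     => ['HTTPS' => '1'],
    'CompatEnvVars enabled'    => ['HTTPS' => 'on', 'SSL_KEYSIZE' => '128'],
    'non-numeric size ignored' => ['HTTPS' => 'on', 'SSL_KEYSIZE' => '<b>x</b>'],
    'plain HTTP'               => [],
];

foreach ($samples as $label => $env) {
    printf("%-26s %s\n", $label, describe_connection($env));
}
```

An "unknown" result here means only that the host does not expose the key size to PHP; the connection is still reported as HTTPS.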

