A customer migrating to osCommerce v4 wanted to ensure their new store setup was secure before proceeding further. Their main concerns included:
- Renaming the admin directory for security purposes.
- Configuring file permissions, specifically for configure.php.
- Understanding which files and constants needed updates to reflect the renamed directory.
The osCommerce support team provided a detailed step-by-step guide to address each concern:
- Renaming the Admin Directory:
- Rename the admin directory.
- o Update the following constant in /admin/includes/local/configure.php: define('DIR_WS_ADMIN', '/admin/');
- File Permissions for configure.php:
- Set the permissions of configure.php in the local subdirectory to 444 for security.
- Note: The main includes/configure.php file should retain permissions that allow updates, as it may change during system updates.
- Updating Constants Across Files:
- For admin/includes/configure.php, ensure the following constant is updated: defined('DIR_WS_HTTP_ADMIN_CATALOG') or define('DIR_WS_HTTP_ADMIN_CATALOG', ltrim(DIR_WS_ADMIN, '/'));
- For includes/configure.php, modify the constant on line 240 to reflect the new directory name: define('DIR_WS_HTTP_ADMIN_CATALOG', 'your_new_admin_dir/');
These measures reduce the risk of unauthorized access while maintaining system functionality.
