| Author |
 Topic  |
|
|
calumog
Starting Member
7 Posts |
 Posted - May 08 2004 : 07:09:44
|
Has anybody tried moving the admin pages to a folder other than the shopping pages? I'm quite anxious about the admin being in the same folder as everything else (except the database of course). I've followed all the security recommendations but there are tools out there that will find your admin login page even if you have renamed it. I'm not up on brute forcing asp login screens but its obviously possible. I've used the updated shopadmin.asp page which locks out unauthorised ip addresses but I'm still worried.
I am running my site locally but the isp I plan to use when it goes live has a directory for admin. I'd like to use it but I'm just wondering how much work is involved.
Cheers
|
|
|
Dulrr
VP-CART New User
57 Posts |
Posted - July 06 2004 : 16:02:00
|
I've been looking at the files and such, and if I'm not mistaken you should be able to simply copy all "shoppa_" files, shopadmin1.asp and [youradminloginpage].asp into another folder. I haven't actually tried it yet, but as long as you can still read your database from the other folder it should work. (And worst case scenario you can just copy/paste the files back if this doesn't work  )
*goes off to tinker further - will report back shortly with result*
~D |
 |
|
|
Dulrr
VP-CART New User
57 Posts |
Posted - July 06 2004 : 16:28:55
|
Progress report: Looks like you'll also need shopadmin.css, and either a copy of the include files (shop$db) or update all the links to 'em.
*Please hold while files upload*
Alright! Seems to be working. None of the pics (most notably the help buttons) display, but that's easily fixed... The help button pic is "vpasp_configquestion"
"shopadminheader" and "shopadmintrailer" should be copied over, and the shopheaders file updated accordingly...
A copy of "shoperror.asp" should also be moved...
And it seems that's all there is to it! I'm not sure if my site managing program updated links anywhere else when I moved the files over, but I think that was everything!
Note: going through the shopadmin pages I've noticed they're considerably slower right now. I'm guessing it's because the server has to recompile all the vbscript.
~D
[edit: July 7] Yup - admin pages are loading at the proper speed now, the slowness seems to have been the server having to generate the pages for the first time. The vpnav_reset and vpnav_search images were also missing. Now to mess around and admin a few things to see if everything still works in practice and not just in appearance... No problems anticipated, though.
[edit: July 7, again] Everything seems to be working just peachy-keen! I've mucked around with a few variables and all changes still applied properly.
Edited by - Dulrr on July 07 2004 09:14:15
Edited by - Dulrr on July 07 2004 09:48:23 |
|
|
|
keng
VP-CART New User
152 Posts |
Posted - July 13 2004 : 22:31:14
|
Hi,
I tried exactly like what you said and it didn't work (Function wise). It broke my admin area. I'd appreciate if you can please put more input whatelse you did that made you successful from transferring them. Thanks!!! Much appreciated.
I Copied from old folder to new folder...
shoppa_ (files)
shopadmin1.asp
shopadmin.asp
ashopadmin.css
shop$db
shopadminheader
shopadmintrailer
shoperror.asp
|
|
|
|
Dulrr
VP-CART New User
57 Posts |
Posted - July 14 2004 : 08:38:25
|
Will try! Dreamweaver had automatically updated several of the moved pages to maintain link integrity, so it might take a few moments of digging to find the exact places.
Do you have the actual error message handy? It would probably make backtracking just a little bit easier...
~D |
|
|
|
Dulrr
VP-CART New User
57 Posts |
Posted - July 14 2004 : 09:41:23
|
Well, during my coffee break this morning I ran a quick search and compiled a more complete list of the files that had been played with. Hope this helps!
___________________________________________________________
The following files had been moved. Additionally, I have included a list of the files which Dreamweaver modified links to to preserve site integrity. (A very highly recommended program, BTW - I can make mass movements, find code anywhere in the site, set up a test server locally to view pages before uploading 'em - and more!)
quote:
[renamed admin page]
all shopa_ files
---------------------------------------------------
Links to following include files had been updated:
shop$db
shopmdhash.asp
shop$language2.asp
shophash.asp
shopcountries.asp
shopformatorder.asp
shoptrackingorder.asp
shopformatordersupplier.asp
shopfileio.asp
shopmail.asp
shopreadfile.asp
shopmailformattemplate.asp
shopdateform.asp
shopsecuritycheck.asp
additionally:
shopa_confighelp and shopa_producthelp link to vpasp_top.gif
-------------------------------------------------------------------
shopadmin.css
shopadmin1.asp
shoperror.asp
shoplogo.gif
shopproductcheck.asp
vpasp_configquestion.gif
vpnav_continue.gif
vpnav_reset.gif
vpnav_search.gif
For you it would probably be easiest to simply copy over the included files instead of going through and updating each page - Including the numerous vpasp_top.gif buttons in the two help files (estimated at 50 of the search results) I got a list of "140 items found in 64 documents"!
If you're still having trouble and/or I missed something in my haste please let me know
~D
[edit] - Taking another look at the updated files, changes made to shopa_editdisplay were in error and should not have been made. They have been taken out of the list of changes above, hopefully avoiding confusion.
Edited by - Dulrr on July 16 2004 10:47:12 |
|
|
|
jackbox
VP-CART New User
United Kingdom
72 Posts |
Posted - August 02 2004 : 01:27:40
|
If your server has a policy which limits directory roaming outside of webspace, moving admin to https doesn't work as it won't upload images. Would be interested if anyone else has had that problem other than recoding chunks of the cart to pull images from https and putting all your images in there too, I couldn't find a solution.
|
|
|
|
jackbox
VP-CART New User
United Kingdom
72 Posts |
Posted - August 05 2004 : 11:13:27
|
Is it not possible to move the login page only to https (ssl) thereby offering better protection but for actual admin functionality, leave that in http and redirect to there following a succesful login? In otherwords, only the admin login is via https? I've been trying this but then have a session problem.
|
|
|
| |
Topic |
|
All Forums
admin outside site root
New Topic
Printer Friendly
TrustGuard - PCI Security Scanner
