More new goodies in RC3 osCommerce
Buy Gary A Beer?
Buying me a "beer" helps me to keep my contributions updated and keep this blog alive - and you get a link from my homepage to your site. Cheers!
Looking at the up-to-date version of RC3, and I spy more new things;
Ability to change the admin directory name as part of the installation procedure:
We've all seen the recent eval problem that has been doing the rounds. Changing the admin directory to a completely random name is a great way to help guard against this. Would be nice to have a "make random name" button here. I might code that up later.
Admin access attempts are now part of the new Action Recorder feature:
and
I previously blogged about the Action Recorder here. You can see that we can now set the number of access attempts and number of minutes between login attempts.
Warning about configure file being writable is now also in the Admin Area:
This should help to make users more aware of what they need to do "next"!!
File manager has now gone:
We all know that the File Manager was a risk, not only because of the recent round of hacks but also because it broke files when saving them. Removing this is a great move.
There's more stuff, which I'll blog about again later.
To have the admin name change in the install procedure, open up the following file;
/install/templates/pages/install_3.php
Add this at the top of the page underneath the
include('../includes/functions/general.php');
Find this:
'CFG_ADMIN_DIRECTORY', 'admin',
Change it to this:
'CFG_ADMIN_DIRECTORY', tep_create_random_value(10),
That's it.
Comment by Gary — February 14, 2010 @ 10:22 am