Post-Installation Steps

Upon successful installation of osCommerce Online Merchant, the following steps need to be performed to secure the installation of your online store.

Remove Installation Files

The catalog/install directory must be removed from the web server otherwise a user could use the installation procedure and reconfigure the online store to use another database server.

File and Directory Permissions

Configuration Files

The file permissions for catalog/includes/configure.php and catalog/admin/includes/configure.php must deny write access by the web server. This is commonly performed by setting the permission flag to a read only value of 644 or 444 depending on your server.

Writable Directories

Some directories need to allow write access by the web server for osCommerce Online Merchant to function properly. A list of directories and the current write permission state can be viewed on the Administration Tool -> Tools -> Security Directory Permissions page.

Extra Protection for the Administration Tool

The Administration Tool is secured by its own login routine but is still publicly accessible. It is recommended to further protect the Administration Tool by setting a htaccess password on the catalog/admin directory.

Instructions for adding a htaccess password layer is provided on the Administration Tool -> Configuration -> Administrators page.