
Why do I have to change the ADMIN folder after installation?



If you don't want to change it then hack prestashop so it does not check for the admin name change...otherwise as they said in Lonesome Dove, the greatest western ever made...I guess you do what I say do...jajajajaja

 

OK, so what did you mean in your first reaction - "security"?


Hello, before accessing your back office PrestaShop requires you to delete the Install folder and rename the admin folder for security. It should not be named something simple like admin123 as that is easily guessed.

 

 

As I've written before. You'll give the admin access to a few employees in your company and if "one" of them is great at programming, WHAT CAN HE DO TO (let's say) destroy YOUR PRESTASHOP store? This is just a question because I'm worried about PrestaShop safety.

 

Thank you.

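The two post-install conditions named in the reply quoted above (install folder deleted, admin folder not left under an easily guessed name such as admin123) can be checked on the server with a short script. This is an added example, not part of the thread and not PrestaShop code; the function names, the list of guessable names and the "admin plus digits" rule are assumptions.

```shell
#!/bin/sh
# Added example (not PrestaShop code): local audit of a shop's web root.

# Exit 0 if NAME is an easily guessed admin folder name.
# The word list and the "admin + digits" rule are assumptions of this example.
is_guessable_admin_name() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        admin|administrator|backoffice|backend) return 0 ;;
    esac
    rest=${name#admin}                 # text after a leading "admin"
    if [ "$rest" != "$name" ]; then
        case "$rest" in
            *[!0-9]*) return 1 ;;      # has letters/symbols: not this pattern
            *)        return 0 ;;      # admin1, admin123, ...
        esac
    fi
    return 1
}

# Print one FAIL line per finding; return 1 if anything was found.
audit_shop_root() {
    root=$1
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue      # glob matched nothing
        dir=${dir%/}
        base=${dir##*/}
        lower=$(printf '%s' "$base" | tr '[:upper:]' '[:lower:]')
        if [ "$lower" = "install" ]; then
            echo "FAIL: install folder still present: $base"
            rc=1
        elif is_guessable_admin_name "$base"; then
            echo "FAIL: easily guessed admin folder name: $base"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh audit.sh /path/to/shop/root
if [ "$#" -gt 0 ]; then
    audit_shop_root "$1"
fi
```

The script only inspects top-level directory names on the local filesystem, so it can run from a deployment job after each install or upgrade.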

Hello Idon, a great programmer can hack into virtually any system in the world. If one of your employees is good enough to hack into your PrestaShop store, he or she can do anything to destroy your store. Delete products/customers/ etc. It's the same for any E-Commerce software, or software in general.

 

It takes a lot of skill to hack into the backoffice without your hosting/cpanel credentials.


Hello Idon, a great programmer can hack into virtually any system in the world. If one of your employees is good enough to hack into your PrestaShop store, he or she can do anything to destroy your store. Delete products/customers/ etc. It's the same for any E-Commerce software, or software in general.

 

It takes a lot of skill to hack into the backoffice without your hosting/cpanel credentials.

 

Thank you. I just wanted to know if I'll give an employee a bigger chance to attack my shop if I give him access to any of my multistore shops (ADMIN, ONETWO... or any other folder).


Hold on.... If you are giving admin access to a few employees and you are worried that these employees might hack you - well you have given them access so they will just log in and obtain the data they want, no hacking involved.

 

That was probably a stupid question but what I do not understand is:

- on one side I should rename ADMIN folder for a security reason and

- on the other side I shouldn't be worried about security from an employee access.


on one side I should rename ADMIN folder for a security reason

 

This will remove the risk of a random, external hacker guessing the URL of your admin suite easily.

 

on the other side I shouldn't be worried about security from an employee access.

 

If there is a member of staff you don't trust, do give them access to start with?


This will remove the risk of a random, external hacker guessing the URL of your admin suite easily.

 

 

 

If there is a member of staff you don't trust, do give them access to start with?

 

True, but in an interview nobody will tell you "I'm the greatest hacker ever". :)


Maybe one more question. What should an "employee" definitely not be allowed to access? (In the back office)

 

You could set up a series of profiles for your staff, allowing selected staff to access selected areas - i.e. staff dealing with products will only see the products and nothing to do with orders, etc. Postage & packing staff will see orders and nothing to do with products, etc.

 

Also if your data is highly prone to being attacked I would suggest your backup is frequently carried out, this way you could restore it without loss of too much data.


Hi Gary, yes that's exactly wright (sorry, I had to). Creating a backup every night would be ideal.

 

 

True, but in an interview nobody will tell you "I'm the greatest hacker ever". :)

 

I'm not sure how you expect to screen your employees. You could do background checks, polygraph tests, maybe some PHP tests to see if he has the knowledge capable to hack your store.


Hi Gary, yes that's exactly wright (sorry, I had to). Creating a backup every night would be ideal.

 

It's not the first and I'm sure it won't be the last :lol:

 

 

OP - Just out of interest what sort of stuff are you selling to be concerned to such a high level about internal staff? :ph34r:


  • 1 month later...

It's not the first and I'm sure it won't be the last :lol:

 

 

OP - Just out of interest what sort of stuff are you selling to be concerned to such a high level about internal staff? :ph34r:

 

It was just a question guys.

You never know.

 

Matrix has you ... :D
