Post-Installation Steps
Upon successful installation of osCommerce Online Merchant, the following steps need to be performed to secure the installation of the online store.
Remove Installation Files
The catalog/install directory must be removed from the web server; otherwise a user could use the installation procedure to reconfigure the online store to use another database server.
Reset File and Directory Permissions
Configuration Files
The file permissions on catalog/includes/configure.php and catalog/admin/includes/configure.php must be set to deny write access by the web server service. This is commonly done by setting the permission flag to a read-only value of 644 or 444, depending on your server.
Writable Directories
The following directories must be writable by the web server service for the Administration Tool to function properly. This is commonly done by setting the permission flags to a world-writable value of 777.
| Directories | Web Server Writable |
|---|---|
| catalog/images | |
| catalog/cache (create this folder) | |
| catalog/admin/backups | |
| catalog/admin/images/graphs | |
Extra Protection for the Administration Tool
The Administration Tool is secured by its own login routine but is still publicly accessible. It is recommended to further protect the Administration Tool by setting an htaccess password on the catalog/admin directory.

If no extra protection is set for the Administration Tool, it is recommended to move the catalog/admin/backups directory outside the public html directory; otherwise public access to the backup files would be possible. The location of the backup directory must be correctly defined in catalog/includes/configure.php.
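
The steps on this page can be checked after the fact with a short script. The one below is an added example, not part of osCommerce: the function names, the "looser than 644" threshold and the test for a catalog/admin/.htaccess file are assumptions. It only confirms that an .htaccess file exists, not that it enforces a password.

```shell
#!/bin/sh
# Added example: audit an osCommerce tree against the post-installation steps.
# Usage: audit_oscommerce WEBROOT   (WEBROOT is the directory holding catalog/)
# Run it as the web server account so the writability test is meaningful.

findings=0
note() { echo "FINDING: $1"; findings=$((findings + 1)); }

# True when `ls -ld` shows group or world write (assumed threshold: looser than 644).
loose_write() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

audit_oscommerce() {
    root=$1
    findings=0

    # Step 1: the installer must be gone.
    if [ -e "$root/catalog/install" ]; then
        note "catalog/install is still present"
    fi

    # Step 2: configuration files must not be writable (644 or 444).
    for f in catalog/includes/configure.php catalog/admin/includes/configure.php; do
        if [ -f "$root/$f" ] && loose_write "$root/$f"; then
            note "$f is group- or world-writable"
        fi
    done

    # Step 3: directories the Administration Tool writes to.
    for d in catalog/images catalog/cache catalog/admin/backups catalog/admin/images/graphs; do
        if [ ! -d "$root/$d" ] || [ ! -w "$root/$d" ]; then
            note "$d is missing or not writable by this account"
        fi
    done

    # Step 4: backups under an admin directory with no .htaccess file at all.
    if [ -d "$root/catalog/admin/backups" ] && [ ! -f "$root/catalog/admin/.htaccess" ]; then
        note "catalog/admin has no .htaccess and backups sit inside it"
    fi

    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was found
}
```

Call it as `audit_oscommerce /path/to/webroot`; each problem is printed on its own `FINDING:` line and the exit status is non-zero if any were found.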