Basil Kurian - Tue, 2010/08/10 - 07:33
admin url : http://<ip>/admin456/
admin email (username) : admin@prestashop-turnkeylinux.org admin@example.com
admin pass : admin123
customer url : http://<ip>
base : Turnkey LAMP Hardy or Turnkey LAMP Lucid
Prestashop is a rising ecommerce star
Sorry for the late response! I was looking forward to reviewing this one as I've had my eye on Prestashop for some time now. This will make a great addition to the library. It's already one of the most popular ecommerce platforms, surpassed only by Magento according to Google Trends.
Regarding the patch, a few comments:
PS: I cleaned up this thread a bit. Hope you don't mind.
Made some modification
New patch attached. Made some modification regarding cookie. Please check the script in overlay/usr/lib/live-installer.d
SSL support is already provided in LAMP Patch.
Prestashop insists on renaming the admin folder to something different
Is admin folder/location renamed for added security?
I assume that it is a security measure to make it just that little bit harder for the bad guys to locate the admin area and hence making abusing it that little bit harder? If that is the case then perhaps to maintain the intentions of the Prestashop devs this admin folder/location could be generated randomly, or set by the user during install (or first boot)? I know that would make the patch a little more complex but it could be a nice touch. I don't know, perhaps it's more trouble than it's worth?
Workaround
Adding
in the script in overlay/usr/lib/live-installer.d and commenting this line
in conf will do that. But users need to inspect the /var/www/ folder to get the admin-login URL.
Should I add it in the patch?
I don't know Basil
I was just throwing ideas around. Perhaps wait for Liraz or Alon and see what they think.
No. Admin URL should be predictable
This is the first time I've heard of a webapp forcing you to change URLs for "security". IMHO, it's terribly misguided. This is what the authentication credentials are for (e.g., username/password)!
I propose we set the admin URL to something predictable like /prestadmin.
Cool - just chucking my (probably misguided) 2c in the ring :)
I am well aware that security by obscurity is certainly not an adequate defense against the bad guys. But I guess I was thinking that as an added security measure it may be of some value (especially seeing as the devs are encouraging it). By my understanding that remains the main rationale behind Ubuntu disabling the root account by default (hackers need to discover username as well as password before gaining entry). But I suppose by enabling and using the root account by default in TKL appliances, you guys demonstrate the value you see in the notion!
We again come back to the reality that all decisions like this are tradeoffs. In this instance it's usability and user friendliness vs security by obscurity. I have nowhere near the experience or technical skills required to make the judgement so I am more than happy to defer to those that do - Liraz! :)
BTW the requirement to change admin location as added security was pure speculation by me. I didn't read it anywhere and no one said it (that I know of). I just jumped to that conclusion because that's the only reason I could think of. So perhaps there is some other (legitimate) reason why they want you to do that? But I can't imagine what!?
Official TurnKey PrestaShop appliance now available
TurnKey PrestaShop, based on this TKLPatch, was included in TurnKey Linux 11 release (part one).
Unless there are security fixes I doubt TKL devs will be rushing
They have a todo list a mile long so unless there is a pressing need to update the Prestashop component of the appliance I doubt it will be a priority. But there is nothing to stop you from updating it yourself. In fact you could have a play with updating to the RC to see if there are any gotchas (I'd just do it in a VM so you can easily rinse & repeat to double check your process). Other users may also be interested so it'd be great if you could document the process (that is if you choose to do that).