Security issue

Additional Protection With htaccess/htpasswd

This osCommerce Online Merchant Administration Tool installation is not additionally secured through htaccess/htpasswd means.

Enabling the htaccess/htpasswd security layer will automatically store administrator username and passwords in a htpasswd file when updating administrator password records.

Please note, if this additional security layer is enabled and you can no longer access the Administration Tool, please make the following changes and consult your hosting provider to enable htaccess/htpasswd protection:

  1. Edit this file:


Remove the following lines if they exist:


AuthType Basic
AuthName “osCommerce Online Merchant Administration Tool”
AuthUserFile /home/rainbowp/public_html/admin/.htpasswd_oscommerce
Require valid-user

  1. Delete this file:



I am able to write to the configuration file: /home/rainbowp/public_html/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

what this messages means?do i need to do anything about it/
also how i can be sure that my programmer will not go in and change anything?how can i block anyone accessing the admin panel?