YesSoftware Forums -> CodeCharge Studio -> PHP

 Security Upgrades

Simon Cranmer
Posted: 01/04/2004, 1:51 PM

Looks like I will be creating an internet application and am after some advice. Does anyone have any help / code on how to check & improve the standard security?

TA

Si.

Win XP, apache, php, mysql + access via IE5.5 & 6
Steve Ebbrell
Posted: 01/04/2004, 3:13 PM

Simon,

Are you concerned about site security or application security?
i.e. Do you want to stop hackers getting onto the system, or are you concerned about having your application/scripts ripped off by the customer?
Or are you referring to CodeCharge's Login/Security features?

What OS will Apache be running on?

Simon Cranmer
Posted: 01/05/2004, 11:44 AM

Sorry, good point.

I’m not worried about my scripts. I have someone paying (a small amount) for my time so they are welcome to the code. I’m more worried about the security of the data and the site. I will have the site hosted by a good reliable company and am already configuring .htaccess for include areas etc. I was really thinking about tightening/improving the standard cc login/security features as this may be of interest to everyone else on here.

TA

Si.
Steve Ebbrell
Posted: 01/05/2004, 8:53 PM

Simon,

I always use Apache Aliases for the application directories as in
httpd.conf

Alias /mydir "/basedir/homexxx/"

<Directory "/basedir/homexxx/">
Options Indexes MultiViews ExecCGI
DirectoryIndex index.php
Order allow,deny
Allow from all
</Directory>

This helps to hide the actual location of the script.

In the past I have always written my own Logon routines. You can either have a screen for each security level or, more elegantly, issue a different SQL statement from a Case statement depending on the access level. I prefer the latter as it makes future maintenance less of a chore. I use Session Variables rather than the URL to store and pass parameters for the access level.
Like all web packages, CCS has good Session Variable support, as Global Variables are a No No in multi-user applications.


Steve Ebbrell
Posted: 01/05/2004, 8:55 PM

Continued from previous reply: appears there is a limit of 1,000 characters per message!

I also use a new CCS project for each part of the application; this way I can incorporate any part of previous applications into the current one very easily.

You can read about built-in MySQL encryption at http://www.mysql.com/doc/en/Miscellaneous_functions.html

Steve...
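
Steve Ebbrell's reply above describes keeping the access level in a session variable rather than the URL and choosing the SQL statement with a Case statement. That approach is shown here as an added example, not code from the thread or from CodeCharge Studio; the `orders` table, the level numbers and the session keys are assumptions, and in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
// Added example: table, columns, level numbers and session keys are assumptions.
const LEVEL_USER = 1;     // sees own rows only
const LEVEL_MANAGER = 2;  // sees rows for own region
const LEVEL_ADMIN = 3;    // sees all rows

/** Pick the SQL for the level held in the server-side session, never from the URL. */
function ordersQueryFor(array $session): array
{
    switch ((int)($session['UserLevel'] ?? 0)) {
        case LEVEL_ADMIN:
            return ['SELECT id, owner_id, region FROM orders ORDER BY id', []];
        case LEVEL_MANAGER:
            return ['SELECT id, owner_id, region FROM orders WHERE region = :r ORDER BY id',
                    [':r' => $session['Region'] ?? '']];
        case LEVEL_USER:
            return ['SELECT id, owner_id, region FROM orders WHERE owner_id = :u ORDER BY id',
                    [':u' => $session['UserID'] ?? 0]];
        default:
            // Missing or unknown level: fail closed instead of falling through.
            throw new RuntimeException('access denied');
    }
}

function fetchOrders(PDO $db, array $session): array
{
    [$sql, $params] = ordersQueryFor($session);
    $stmt = $db->prepare($sql);   // values are bound, not concatenated
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, owner_id INTEGER, region TEXT)');
$db->exec("INSERT INTO orders (owner_id, region) VALUES (7,'north'), (8,'north'), (9,'south')");

$sessions = [   // constructed stand-ins for $_SESSION after login
    'user'    => ['UserID' => 7, 'UserLevel' => LEVEL_USER],
    'manager' => ['UserID' => 8, 'UserLevel' => LEVEL_MANAGER, 'Region' => 'north'],
    'admin'   => ['UserID' => 1, 'UserLevel' => LEVEL_ADMIN],
    'nolevel' => ['UserID' => 9],
];
foreach ($sessions as $name => $session) {
    try {
        echo $name, ': ', count(fetchOrders($db, $session)), " row(s)\n";
    } catch (RuntimeException $e) {
        echo $name, ': ', $e->getMessage(), "\n";
    }
}
```
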
SiCranmer
Posted: 01/09/2004, 10:26 AM

Ooo, I do like the AES_ENCRYPT; I must have had my head in the sand to miss that one. I too am using the alias pointer, but only because I currently have loads of stuff on my server divided into projects and wanted a nice link to projects called externally. And I’m ensuring no global vars. So it looks like I’m already on the way there. I’ll visit the login scripts later.

I’m already developing a menu system where users are granted a “role” which contains a collection of progs and only displays the ones you have access to. If I get it working I may release it on here; if not, I’ll post a how-to.

Thanks, hope this helps others.

Si.
