rupertrealbear Posted June 30, 2008 Share Posted June 30, 2008 Hi I have started renting a VPS and installed an SSL certificate (ironing out secure (https://) cPanel login, just now) and I have an account hosting PHP scripts that serve dynamic WML to mobile phones - which are using interactive WAP pages to function as remote data capture devices. The target for data exchange is an Access database behind a firewall. Data exchange through the firewall is via named testboxes in an HTML form posting to itself (triggered by Access). The data is somewhat encoded in textual "bytes" base 60 or 70 or even plain text in some cases: I am assuming that the https:// URL encrypts the transmitted form data. The above appears to be a good start at a securing my sight (I don't think there is danger of XSS, for instance: data is only stored in the firewalled database - other data is not stored directly in tables on the VPS, except in buffer form - waiting to be posted; they will be encrypted and decrypted for that purpose). I am relying on the PHP scripts not being readable and I am sure there is more I need to do. Can someone give me a few pointers? Rupertrealbear Quote Link to comment Share on other sites More sharing options...
rupertrealbear Posted July 3, 2008 Author Share Posted July 3, 2008 Not surprisingly, this post has not been replied to, since I had failed to notice a tutorial - on the freaks home page! - posted 30th June 08: "PHP Security" by Daniel Egeberg. Other stuff I found on my own are a good wikipedia on file permissions and Linux File Permission Confusion by Brian Hatch on his "Hacking Linux Exposed" website Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.