Jump to content

SSL on a VPS: is my code safe?


Recommended Posts

Hi

I have started renting a VPS and installed an SSL certificate (ironing out secure (https://) cPanel login, just now) and I have an account hosting PHP scripts that serve dynamic WML to mobile phones - which are using interactive WAP pages to function as remote data capture devices.  The target for data exchange is an Access database behind a firewall.  Data exchange through the firewall is via named testboxes in an HTML form posting to itself (triggered by Access).  The data is somewhat encoded in textual "bytes" base 60 or 70 or even plain text in some cases: I am assuming that the https:// URL  encrypts the transmitted form data.

 

The above appears to be a good start at a securing my sight (I don't think there is danger of XSS, for instance: data is only stored in the firewalled database - other data is not stored directly in tables on the VPS, except in buffer form - waiting to be posted; they will be encrypted and decrypted for that purpose).  I am relying on the PHP scripts not being readable and I am sure there is more I need to do.  Can someone give me a few pointers?

 

Rupertrealbear

Link to comment
Share on other sites

Not surprisingly, this post has not been replied to, since I had failed to notice a tutorial - on the freaks home page! - posted 30th June 08: "PHP Security" by Daniel Egeberg.

 

Other stuff I found on my own are

a good wikipedia on file permissions

 

and Linux File Permission Confusion by Brian Hatch on his "Hacking Linux Exposed" website

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.