Jump to content


Photo

Make files secure


  • Please log in to reply
2 replies to this topic

#1 miligraf

miligraf
  • Members
  • PipPipPip
  • Advanced Member
  • 74 posts

Posted 06 May 2006 - 09:39 PM

I got a tutorial management system in which i can add, edit or delete tutorials; how do i make those files secure? and can the index (where you see all the tutorials) can it be secured?

i dont wanna find one day that someone just erased all the database.

thx.

#2 SharkBait

SharkBait
  • Members
  • PipPipPip
  • Advanced Member
  • 845 posts
  • LocationMetro Vancouver, BC

Posted 07 May 2006 - 04:28 AM

I guess it would depend on what management scripts you are using.

As for the database, make sure the user account that can directly access the database has a tricky password. Alphanumeric, non-common dictionary word, etc

As for your management system and making sure other people, when logged in, do not delete tutorials. I'd check to see if there are 'user levels' so that if you're not a certain level you can not delete the entry.

I have one thing I've implementated where the user who creates the entry, is the only one allowed to delete it unless they are of the highest userlevel. This of course the user only accesses via PHP and has no access to the actual database itself.



#3 miligraf

miligraf
  • Members
  • PipPipPip
  • Advanced Member
  • 74 posts

Posted 07 May 2006 - 07:21 AM

i meant something like SQL injection thing...

but also, i added some .htaccess but it only works when trying to access the folder, if i know the exact name of a file inside, i can access it...lol. since i have all done, is there an easy way to create a login thingy with PHP without making a big mess?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users