  1. #1
    New Coder
    Join Date
    Sep 2012
    Posts
    47
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Security advice?

    Hi all,

    Is there anything I need to know to 'secure' my website/server after I have finished making my site?

    I need to make sure that unauthorized people can't access the files on the server.

    Also, I have a register/login/password user system - how can I ensure the wrong person can't login as someone else? How to ensure that data transmitted to the server is secure (via logins/registration)?

    Would greatly appreciate any help!

    J.

  • #2
    New Coder
    Join Date
    Sep 2012
    Posts
    22
    Thanks
    0
    Thanked 6 Times in 6 Posts
    Create a guest page and show it if an unauthorized user tries to log in.

  • #3
    Regular Coder patryk
    Join Date
    Oct 2012
    Location
    /dev/couch
    Posts
    398
    Thanks
    2
    Thanked 64 Times in 64 Posts
    if you're afraid that passwords/usernames can be captured, then the answer is simple: use ssl.
    about preventing unauthorized access to files via http:
    i do it this way: i keep files outside of the server's directories and the only way to retrieve them from the client's side is to call PHP.
    for example if you use cookies for authentication, u do something like that:
    Code:
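    // Reject the request unless the expected authentication cookie is present.
    // $expected_value has to come from your own session/auth logic.
    if (!isset($_COOKIE['some_auth_cookie'])
        || !hash_equals((string) $expected_value, (string) $_COOKIE['some_auth_cookie'])) {
        die();
    }
    // basename() drops directory components, so "../" in ?file= cannot
    // reach outside the storage directory.
    $filename = is_string($_GET['file'] ?? null) ? basename($_GET['file']) : '';
    $filename_with_path = '/path/to/your/files/' . $filename;
    if ($filename === '' || !is_file($filename_with_path)) {
        die();
    }
    header('Content-Type: ' . mime_content_type($filename_with_path));
    // Strip quotes so the name cannot break out of the quoted header value.
    header('Content-Disposition: attachment; filename="' . str_replace('"', '', $filename) . '"');
    readfile($filename_with_path);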
    And then instead of linking files like you always do, you direct users to say example.com/download-script.php?file=some-file.pdf
    this is not exact code u can use but gives u an idea how to approach this
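
An added example, not part of the original thread: a path check for the download-script approach described in post #3 that goes one step further and allows subdirectories under the storage directory while still rejecting anything that resolves outside it. It assumes PHP 8; the function name `resolve_download` and the temporary directory layout are hypothetical and constructed for the demo.

```php
<?php
// Added example: resolve_download() and the demo directory are hypothetical names.
declare(strict_types=1);

/**
 * Map a user-supplied relative name to a real file under $storageDir,
 * or return null if it does not resolve to a regular file inside it.
 */
function resolve_download(string $storageDir, mixed $requested): ?string
{
    // Non-string input (?file[]=...), empty names and NUL bytes are refused up front.
    if (!is_string($requested) || $requested === '' || str_contains($requested, "\0")) {
        return null;
    }
    $base = realpath($storageDir);
    // realpath() collapses "..", "." and symlinks; false means the path does not exist.
    $real = realpath($storageDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // The resolved path must still sit below the storage directory.
    return str_starts_with($real, $base . DIRECTORY_SEPARATOR) ? $real : null;
}

// Constructed demo: a temporary storage directory with one allowed file
// and one "secret" file that lives outside it.
$root = sys_get_temp_dir() . '/dl-demo-' . bin2hex(random_bytes(4));
mkdir("$root/files/reports", 0700, true);
file_put_contents("$root/files/reports/some-file.pdf", 'constructed sample');
file_put_contents("$root/secret.txt", 'must not be served');

$cases = [
    'reports/some-file.pdf',      // legitimate nested file
    '../secret.txt',              // traversal out of the storage directory
    'reports/../../secret.txt',   // traversal hidden behind a valid prefix
    'reports',                    // a directory, not a file
    ['array-instead-of-string'],  // ?file[]=... style input
];
foreach ($cases as $case) {
    $result = resolve_download("$root/files", $case);
    printf("%-32s => %s\n", json_encode($case), $result === null ? 'rejected' : 'served');
}
```

In the download script, the returned path would be passed to `readfile()` only after the authentication check has succeeded.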

