CodingForums.com - Security advice?

CodingForums.com (http://www.codingforums.com/index.php)

- General web building (http://www.codingforums.com/forumdisplay.php?f=10)

- - Security advice? (http://www.codingforums.com/showthread.php?t=275009)

Security advice?

Hi all,

Is there anything I need to know to 'secure' my website/server after I have finished making my site?

I need to make sure that unauthorized people can't access the files on the server.

Also, I have a register/login/password user system - how can I ensure the wrong person can't login as someone else? How to ensure that data transmitted to the server is secure (via logins/registration)?

Would greatly appreciate any help!

J.

Create guest page and show if unauthorized user try to login.

if you're afraid that passwords/usernames can be captured, then answer is simple: use ssl.
about preventing unauthorized access to files via http:
i do it this way: i keep files outside of server's directories and only way to retrieve them from cient's side is to call PHP.
for example if you use cookies for athentication, u do somethink like that:

Code:

if(!isset($_COOKIE['some_auth_cookie'])){

    die();

}

if($_COOKIE['some_auth_cookie'] != $expected_value){

    die();

}

$filename_with_path = '/path/to/your/files/' . $_GET['file'];

if(!file_exists($filename_with_path)){

   die();

}

header('Content-type: ' . mime_content_type($filename_with_path));

header('Content-Disposition: attachment; filename="'. $_GET['file'] .'"');

readfile($filename_with_path);

And then instead of linking files like you always do, you direct users to say example.com/download-script.php?file=some-file.pdf
this is not exact code u can use but gives u idea how to aproach this ;)