If you're afraid that passwords/usernames can be captured, then the answer is simple: use SSL.
About preventing unauthorized access to files via HTTP:
I do it this way: I keep files outside of the server's directories, and the only way to retrieve them from the client's side is to call PHP.
For example, if you use cookies for authentication, you do something like this:
Code:
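// Reject the request unless the auth cookie is present and is a plain string.
if(!isset($_COOKIE['some_auth_cookie']) || !is_string($_COOKIE['some_auth_cookie'])){
    die();
}
// hash_equals() compares strictly and in constant time (!= does loose type juggling).
if(!hash_equals((string)$expected_value, $_COOKIE['some_auth_cookie'])){
    die();
}
// basename() drops any directory part, so the name cannot point outside the storage directory.
$file = basename($_GET['file'] ?? '');
$filename_with_path = '/path/to/your/files/' . $file;
if($file === '' || !is_file($filename_with_path)){
    die();
}
header('Content-type: ' . mime_content_type($filename_with_path));
header('Content-Disposition: attachment; filename="'. $file .'"');
readfile($filename_with_path);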
And then instead of linking files like you always do, you direct users to, say, example.com/download-script.php?file=some-file.pdf
This is not exact code you can use, but it gives you an idea of how to approach this.
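
Added example (not part of the original post): a download script of this kind has to make sure the name taken from the `file` parameter stays inside the storage directory. The sketch below resolves the name with realpath() and checks containment, which also permits subdirectories; `resolve_download()` and the temporary sample files are hypothetical names constructed for illustration.

```php
<?php
// Added example: confine a requested name to the storage directory.
// resolve_download() is a hypothetical helper, not from the original post.

function resolve_download(string $baseDir, string $requested): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; false means the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // The resolved path must still begin with the base directory plus a separator.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed sample layout in a temp directory so the script runs offline.
$root = sys_get_temp_dir() . '/dl-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/files/reports', 0700, true);
file_put_contents($root . '/files/reports/q1.pdf', 'sample');
file_put_contents($root . '/secret.txt', 'not for download');

// Constructed request values: one legitimate name, the rest must be refused.
$cases = ['reports/q1.pdf', '../secret.txt', 'reports/../../secret.txt', 'missing.pdf', ''];
foreach ($cases as $name) {
    $path = resolve_download($root . '/files', $name);
    printf("%-28s => %s\n", var_export($name, true), $path === null ? 'rejected' : 'served');
}

// Remove the sample files again.
unlink($root . '/files/reports/q1.pdf');
unlink($root . '/secret.txt');
rmdir($root . '/files/reports');
rmdir($root . '/files');
rmdir($root);
```

Only the first sample name resolves to a file under the storage directory; the others come back as `null`, and the script should `die()` without sending any headers in that case.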