
Discussion Forum

kayemdesign
Connector
Join Date: Oct 2004
Location: Hemel Hempstead
Posts: 692
PHP developers - quotes needed...

Hi Guys

I'm looking for a PHP developer to help me with a project that was given the go-ahead yesterday. I will be building the main site but need help with a secure area for my client to post files for download by her clients. What I need is....

A secure area built where clients of my customer can log in and access documents posted up by my customer. She is an accountant and wants to be able to post up Excel spreadsheets to a secure area where her clients can log in and download them. It MUST be secure as there will be sensitive account data being served from within the secure area.

So in summary what I need:

1) A secure login system with username and password.
2) Once logged in, the user will go to their own area to download spreadsheets and other files/documents
3) A password reminder facility
4) Ability for my customer to manage their clients' accounts (i.e. create/delete/amend)
5) Must be secure.
6) PHP/MySQL preferred as hosting is on a Linux box

The main site I will be doing, so this just needs to 'bolt-on' to the main site. It will be accessed via a login box on the home page.

If you need any more info please feel free to call me on 07917 831303. This needs to be done within the next two-three weeks.

Feel free to email me info[at]kayemdesign.co.uk with any questions.

Cheers

Steve

braindump
Newbie
Join Date: Jan 2006
Posts: 1
What strength of security are you looking for?

Just username/password validation or is it something that would require 40 or 128-bit SSL server certificates?

seiretto
Connector
Join Date: Aug 2004
Posts: 181
Hi Steve,

Try this:
http://www.dwalker.co.uk/phpautomembersarea/

It covers all your 6 summary points, and you can test and integrate it free.

If you find it's what you need then registration is just 19.99 per year.

Martin
Connector
Join Date: Jul 2002
Location: Luton, Bedfordshire
Posts: 2,726
Little bit of advice, remember the actual security of the server in all aspects when dealing with important data... Having a secure web application is just one part.

It can all be circumvented if a hole is exploitable... 4 vulnerabilities have been found in the software of the Apache Foundation and 8 possible vulnerabilities have been found regarding PHP and its modules this year alone. (So that's in 16 days)

kayemdesign
Connector
Join Date: Oct 2004
Location: Hemel Hempstead
Posts: 692
Quote:
Originally posted by Martin
Little bit of advice, remember the actual security of the server in all aspects when dealing with important data... Having a secure web application is just one part.

It can all be circumvented if a hole is exploitable... 4 vulnerabilities have been found in the software of the Apache Foundation and 8 possible vulnerabilities have been found regarding PHP and its modules this year alone. (So that's in 16 days)

Thanks Martin, well worth considering. Any recommendations for reliable and SECURE hosts? My combination of Apache/MySQL may not be bulletproof enough.

Thanks

Steve

openmind
Connector
Join Date: May 2004
Location: In front of my computer
Posts: 3,480
The problem you have is that the only way you will be able to get close to a 100% guaranteed secure server is to run your own dedicated box that you patch and secure yourself.

Shared hosting by its very nature will increase the risk even if the host has correctly patched and secured the box for all the accounts...

Martin
Connector
Join Date: Jul 2002
Location: Luton, Bedfordshire
Posts: 2,726
Quote:
Originally posted by openmind
The problem you have is that the only way you will be able to get close to a 100% guaranteed secure server is to run your own dedicated box that you patch and secure yourself.

Shared hosting by its very nature will increase the risk even if the host has correctly patched and secured the box for all the accounts...

Yep, bang on the money...

Server security is an ongoing process, today secure, tomorrow exploitable.

Using shared servers means loads of people potentially have access to your files because of custom programming, extra accounts, stupid administrators etc. etc. The more you allow the user to do, like run their own scripts, the bigger the security problem.

If you have a dedicated server, then no one else is using it, and as such it's a bit more secure... But then you need to know how to secure that box yourself, or have someone who does and then employ them to keep a check on it. Such as performing security tests, and patching / upgrading checks ... On top of that is loads of log file checking; like banks, if someone knows it contains sensitive data some ****** will try to break in. All this on a daily basis...

It's not cheap... but it's the price you pay for real security and you need to weigh up what the data you're securing is worth.

For example, you could use PGP (cheapest way I'd say to do this) to encrypt the files, but then you need to educate everyone who will use the files how to open/decrypt, which could prove a problem. (And how to store the data on their own PCs without it being stolen.)

In truth, everyone here running E-Commerce websites should be taking this onboard but it's often overlooked.

It's a massive subject..... and I wouldn't like to suggest a host because in truth I don't really know them.... (personally)

Martin
Connector
Join Date: Jul 2002
Location: Luton, Bedfordshire
Posts: 2,726
Quote:
Originally posted by Martin
It's a massive subject..... and I wouldn't like to suggest a host because in truth I don't really know them.... (personally)

I shouldn't quote myself, but in the previous post I quoted Phil! Who, out of every web host I know of, is the only one we all talk to daily, so if you want a recommendation.... There you go.