Security on websites
Discussion
Without going into too much detail (unless you want to of course !) how would I go about setting up security on a web site, such that the user has to have a username / password, which then can be used to only access certain pages of the site ?
How do you let the user enter their own usernames and passwords, and how do you then restrict certain pages to these 'member' users ?
Currently I'm running on a Unix server, but I was thinking of moving anyway, so platform might not be an issue (whatever's easiest really).
Thanks !
nevpugh308 said:
Without going into too much detail (unless you want to of course !) how would I go about setting up security on a web site, such that the user has to have a username / password, which then can be used to only access certain pages of the site ?
How do you let the user enter their own usernames and passwords, and how do you then restrict certain pages to these 'member' users ?
Currently I'm running on a Unix server, but I was thinking of moving anyway, so platform might not be an issue (whatever's easiest really).
Thanks !
Step 1 - Database
Step 2 - Half a ton of scrpts
Step 3 - SSL
And you're there
Unix is as good a platform as any for this.
nevpugh308 said:
Cheers
Step 1 : MySQL ?
Step 2 : Presumably these are obtainable already from somewhere (I wouldn't have to write them all myself from scratch ?)
Step 3: Wozzatden ?
1. Yep
2. www.hotscrpts.com/ look in the PHP section - you will need to put the i back in scrpts when you go to the url.
3. SSL = Secure Sockets Layer. If you want your login to be secure then this will give you 128-bit encryption for the login process - to stop usernames being nabbed etc.
>> Edited by dontlift on Friday 1st August 10:06
dontlift said:
Step 1 - Database
Step 2 - Half a ton of scrpts
Step 3 - SSL
And you're there
Unix is as good a platform as any for this.
Er, that's about it... but one thing to be careful of, make sure that any programming that you do is careful and fully tested. The common attacks that we see today are making use of flaws in the sample code provided by Microsoft as part of their ASP teaching systems. Ok, sticking to Unix is a good start, but make sure that you fully test it and run some sort of website checker against it to find known issues and loopholes....
Finally, someone somewhere will get past it, but usually it won't be malicious but simply someone that will share a username and password... normally not a problem, but you can decrease this risk by putting in secondary security questions which makes it harder - for example see www.egg.com when you login... but this is pretty much the extreme and by the sounds of it you won't need to do this.
Thanks for all the feedback peeps.
I accept that there will be a percentage of hacking, but I'm prepared to accept that as "bad loss" (as long as it's small) ... for what I have in mind it would only mean a small loss in profit (i.e. someone getting some code of mine for free) rather than anything "important" (e.g. banks, egg.com and so on)
nevpugh308 said:
Thanks for all the feedback peeps.
I accept that there will be a percentage of hacking, but I'm prepared to accept that as "bad loss" (as long as it's small) ... for what I have in mind it would only mean a small loss in profit (i.e. someone getting some code of mine for free) rather than anything "important" (e.g. banks, egg.com and so on)
You may want to look at www.oscommerce.org/ and www.postnuke.com these are both pretty well advanced systems
Hi !
Unix is the best platform (IMHO).
Why ? Because there is a lot of work which can be used. Why re-invent the wheel ?
*Website Security*
Coming back to your problem there is a quick and easy solution.
There are two files you would have to create:
.htaccess - this is in the dir/folder(s) you want password protected.
.htpasswd - this holds usernames and passwords encrypted .
This is a quick and simple solution.
Imagine your website is a 5 Chapter book.
you could restrict the final 2 chapters and index by placing a copy of .htaccess in each of the dirs.
my book - home directory (usually htdocs or similar)
/index.htm (intro txt with links to chapters )
/chap1/index.htm
/chap2/index.htm
/chap3/index.htm
/chap4/index.htm
/chap4/.htaccess
/chap5/index.htm
/chap5/.htaccess
/index/index.htm
/index/.htaccess
The .htpasswd file is placed outside the root directory
(you will need to telnet to do this or ask your webhost).
Why ?
stops people browsing the file:
www.mydomain...co.uk/.htpasswd
The disadvantage of this is that your users will need to be emailed a username and password by you before they can see the protected folders.
But this solution is really simple and will take you minutes to learn.
If you're interested I can post a more detailed tutorial.
alternatively do a search on google for .htaccess tutorial.
Regards,
Ramesh
But using the htaccess route also means you have to either
a) allow your web app to execute htpasswd to create the user id and mail out the password
b) telnet in to create every user from scratch - OK for 10 users, pain in the ass for anything more.
There are details of how to do this in the FAQ at www.inetproducts.com/ also of setting directory ownership and access rights on unix / linux
>> Edited by dontlift on Friday 1st August 19:53
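The .htaccess/.htpasswd layout from Ramesh's post and the scripted user creation from option (a) above, as an added example that is not part of the thread. The paths, realm text and the function names `valid_username`, `protect_dir` and `add_user` are assumptions; `htpasswd` is the stock Apache utility.

```shell
#!/bin/sh
# Added example. Paths, realm text and function names are assumptions.
# Apache only honours these directives if the server config allows
# "AllowOverride AuthConfig" for the directory.

# Accept only names that are safe as the "user" field of a user:hash line.
valid_username() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# protect_dir DOCROOT DIR PASSFILE
# Writes DIR/.htaccess; refuses a PASSFILE that sits inside DOCROOT,
# where it could be requested by URL.
protect_dir() {
    docroot=$(cd "$1" && pwd -P) || return 1
    passdir=$(cd "$(dirname "$3")" && pwd -P) || return 1
    case "$passdir/" in
        "$docroot"/*) echo "refusing: $3 is inside the web root" >&2
                      return 1 ;;
    esac
    cat > "$2/.htaccess" <<EOF
AuthType Basic
AuthName "Members only"
AuthUserFile "$passdir/$(basename "$3")"
Require valid-user
EOF
}

# add_user PASSFILE NAME   (password is read from stdin)
# -i keeps the password out of the process list, -B stores a bcrypt hash,
# -c creates the file and is used only when it does not exist yet.
add_user() {
    valid_username "$2" || { echo "invalid username: rejected" >&2; return 1; }
    if [ -e "$1" ]; then
        htpasswd -B -i "$1" "$2"
    else
        htpasswd -c -B -i "$1" "$2"
    fi
}

# Usage with constructed paths, matching the five-chapter layout:
#   for d in chap4 chap5 index; do
#       protect_dir /var/www/htdocs "/var/www/htdocs/$d" /var/www/private/.htpasswd
#   done
#   printf '%s\n' "$NEW_PASSWORD" | add_user /var/www/private/.htpasswd alice
```

Basic authentication sends the username and password with every request in an easily decoded form, so the protected directories should be served over SSL as in step 3 earlier in the thread.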