  1. #1
    SitePoint Member Ltype

    How much security

    Hi,
    I want to offer to our customers the ability to view what equipment they have purchased from us by listing the serial number, an image of the equipment and maybe 10 other fields that relate to each serial number. At this moment, we will not be giving permission to update or change the info.

    We don't want this info made available to everyone so each customer would have a username and pwd to access their own info.

    I am uncertain of the level of security needed. The info we are making available is not top secret but we would hate to have this easily accessible (hackable).

    Also, how secure is password protecting a folder? Would that be sufficient enough?


    Thank you,
    Ltype

  2. #2
    SitePoint Evangelist ldivinag

    nothing is ever secure.

    just make it HARDER for the casual cracker to break.

    if you are using apache, i believe the HTPASSWD uses MD5...

    http://httpd.apache.org/docs-2.0/programs/htpasswd.html
    leo d.

  3. #3
    SitePoint Wizard HarryR

    The apache htpasswd utility (and the original NCSA htpasswd) use the crypt(3) command on everything other than Microsoft Windows (where md5 is used by default).

    The standard UNIX crypt() is a fairly outdated hashing method that is trivial to brute-force with today's hardware.

    To force md5 hashing of passwords you can use the '-m' argument of the htpasswd utility, but md5 support was only implemented in v1.3.4 (January 1999 - see the CVS commit here: http://mail-archives.apache.org/mod_...perreal.org%3E ).

    When a mixed crypt/md5 .htpasswd file is used, apache can use either md5 or crypt. For a reference to using .htpasswd password protection with Apache please see the following page from the Apache 2.0 documentation http://httpd.apache.org/docs-2.0/howto/auth.html .
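
An added example, not part of any post in this thread and not Apache's own code: a Python audit that reads a `.htpasswd` file, including the mixed crypt/md5 case described in the post above, and reports which hash scheme each entry uses. It goes beyond the thread by also recognising the `{SHA}` and bcrypt prefixes; the scheme labels, the `WEAK` set and the sample entries are assumptions made for this illustration.

```python
import re

# Constructed sample .htpasswd content; users and hash strings are made up.
SAMPLE = """\
# customer portal accounts
alice:$apr1$Zx3Qw9Lk$1nM0aB7cD8eF9gH0iJ1kL/
bob:ab1Cd2Ef3Gh4I
carol:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
dave:$2y$05$abcdefghijklmnopqrstuuJ7Yq0Wk1xY2zA3bC4dE5fG6hI7jK8lM
broken line without colon
"""

# Traditional crypt(3) output: 2 salt chars + 11 hash chars from this alphabet.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# Schemes to re-hash. crypt is the one the post calls trivial to brute-force;
# unsalted SHA-1 and plaintext are added here as an assumption of this example.
WEAK = {"crypt-des", "sha1-unsalted", "plaintext-or-unknown"}

def classify(hash_field):
    """Return a label for the hash scheme of one .htpasswd password field."""
    if hash_field.startswith("$apr1$"):
        return "apr1-md5"            # written by `htpasswd -m`
    if hash_field.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if hash_field.startswith("{SHA}"):
        return "sha1-unsalted"
    if DES_CRYPT.fullmatch(hash_field):
        return "crypt-des"           # a 13-char plaintext would also land here
    return "plaintext-or-unknown"

def audit(text):
    """Return ([(user, scheme, is_weak)], [line numbers that failed to parse])."""
    findings, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                 # blank lines and comments carry no entry
        user, sep, hashed = line.partition(":")
        if not sep or not user or not hashed:
            errors.append(lineno)
            continue
        scheme = classify(hashed)
        findings.append((user, scheme, scheme in WEAK))
    return findings, errors

if __name__ == "__main__":
    found, bad = audit(SAMPLE)
    for user, scheme, weak in found:
        print(f"{user:8} {scheme:22} {'RE-HASH' if weak else 'ok'}")
    print("unparseable lines:", bad)
```

Entries flagged for re-hashing need the user's password set again with `htpasswd -m`, since the stored hash cannot be converted in place.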

  4. #4
    get into it! bigduke

    If your customers are going to be looking at the information through your website then I believe a simple login system would do. Of course, it's only simple to use, deep inside it's a myriad of convoluted ugly looking monstrous code. Just kidding but yes it's fairly complex on the inside.

    Also might I add, if it's not top secret, they won't attempt to steal it either

