#1 SitePoint Addict (Join Date: Sep 2011)

    Custom PHP Admin Section

    Hi, I am in the middle of developing (using Codeigniter) a site at the moment and it requires a complex Admin section so that staff can manage various things on the site.

    I am looking for some advice on how I can make the Admin as secure as possible because, like any other site, if someone gains access to the admin section then they could destroy the site in a matter of seconds.

    I was thinking of doing the following:

    01 - setting the admin section up on a sub directory such as adm1nistrat0r.website.com
    02 - securing the admin section with a login section before the admin pages can be accessed
    03 - securing the directory with htaccess

    Can anyone recommend any other methods that I could use? Thanks in advance for your help...

#2 Cups, SitePoint Wizard (Join Date: Oct 2006; Location: France, deep rural.)

    This reply addresses how to protect your databases from SQL injections, should the worst come to the worst and you have allowed such attacks to take place.

    Quoting post #1: "if someone gains access to the admin section then they could destroy the site in a matter of seconds."
    If by this you mean that they could empty your MySQL databases, then read up on using MySQL's permission system so that they cannot delete anything.

    MySQL GRANT permissions.

    Taken to its logical extreme, visitors to your website should only ever be able to "read" from your db, and should therefore have permission to change data only in those tables you permit them to.

    Your admin users will probably have more permissions on more tables, but think about how to deny them the ability to DROP and DELETE.

    One way to do this is to flag old content as "not for display". There are pros and cons, of course: you now have a "restore" feature, but you also have to deal with a ballooning amount of content.

    If you are going to read up on this and take some action such as having a play with it, then beware of the big fat gotcha concerning "FLUSH PRIVILEGES".

    If you don't issue that command after every alteration, you will suffer temporary madness, or worse, skip over this important layer of security because it will not seem to work.
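The account layout described in post #2 (a read-mostly public account, an admin account that can change rows but not DROP or DELETE, and a "not for display" flag instead of deletion), written out as MySQL statements. This is an added example, not code from the thread or from CodeIgniter; the database name `site`, the tables `articles` and `comments`, the `hidden` column, the user names and the passwords are all assumptions for illustration.

```sql
-- Added example (not from the thread). Assumed schema: database `site`
-- with tables `articles` and `comments`. Run as a DBA account that owns
-- the schema; the two accounts created below are the ones the web app
-- and the admin section will connect with.

-- 1. Public-facing account used by the CodeIgniter front end:
--    read everything, and INSERT only into the one table visitors may
--    write to (comments). No UPDATE, DELETE or DDL anywhere.
CREATE USER 'site_web'@'localhost' IDENTIFIED BY 'change-me-web';
GRANT SELECT ON site.* TO 'site_web'@'localhost';
GRANT INSERT ON site.comments TO 'site_web'@'localhost';

-- 2. Staff/admin account used by the admin section:
--    may read, insert and update rows in every table, but is given no
--    DELETE and no DDL rights (DROP, ALTER, CREATE, TRUNCATE) and no
--    GRANT OPTION, so a hijacked admin session cannot empty or drop
--    tables even though the admin pages are fully compromised.
CREATE USER 'site_admin'@'localhost' IDENTIFIED BY 'change-me-admin';
GRANT SELECT, INSERT, UPDATE ON site.* TO 'site_admin'@'localhost';

-- 3. "Soft delete": a flag column instead of DELETE. Added by the DBA
--    account (site_admin has no ALTER right, by design).
ALTER TABLE site.articles
    ADD COLUMN hidden TINYINT(1) NOT NULL DEFAULT 0;

-- What the admin UI runs in place of DELETE (and UPDATE ... SET hidden = 0
-- is the "restore" feature mentioned in post #2):
UPDATE site.articles SET hidden = 1 WHERE id = 42;

-- What the public site runs, so hidden rows never reach visitors:
SELECT id, title, body FROM site.articles WHERE hidden = 0;

-- 4. Checks. Connected as site_admin, each of these must be refused with
--    a "command denied to user" error; if either succeeds, the grants
--    above were not applied to the account the app actually uses.
-- DELETE FROM site.articles WHERE id = 42;
-- DROP TABLE site.articles;

-- Inspect what an account really holds before trusting it:
SHOW GRANTS FOR 'site_web'@'localhost';
SHOW GRANTS FOR 'site_admin'@'localhost';
```

Two practical notes. Keep the DBA account that holds DDL rights out of the application's config entirely; the web app and the admin section should each connect only as their own limited user, and the `SHOW GRANTS` output is the quickest way to confirm that. On the FLUSH PRIVILEGES point: `CREATE USER`, `GRANT` and `REVOKE` statements take effect as soon as they run; `FLUSH PRIVILEGES` is required when the grant tables in the `mysql` schema have been edited directly with INSERT/UPDATE/DELETE, which is the situation where a change that "will not seem to work" is most likely to bite.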

