  1. #1
    SitePoint Enthusiast
    Join Date
    Dec 2011
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    php project escalated, advice sought

    So today my boss/manager walks in after a meeting,
    "your project, it's going on a rented server."
    Well, not those words exactly, but the result is clear to me.

    Where before it was behind a company firewall, and did not need exposure to the internet, it now needs tight security.
    It needs all management available from a web interface. I had intended to remotely log on, or even put files on the server by local network/simpler means.

    And what bothers me most, a bigger, more complex project and codebase...

    I have picked up NetBeans before I started on this project. It has refactoring and Git built in, and I was hoping to profit from this.
    I have a decent understanding of PHP itself, and am trying to use a modular approach to this project to improve maintainability after launch (classes).

    Now, what I need help with is organizing such a project. I had figured out what the actual application needs to do; now I need to add more management to it. How do I manage a larger project? Is there some resource to learn from, a book to get?

    Secondly, security... I THINK I have the right thoughts down from reading about security... Essentially use a peer-reviewed and well-used system. Use a salt and/or pepper in a hash in case of a DB leak. I got the phpmaster book, which I believe to be great on those points.
    Even so, I have never actually made a secure logon system... looking for a resource or book here too.

    I have rambled on... for too long.

    Thanks in advance.

  2. #2
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    Join Date
    Nov 2003
    Location
    Columbus, OH
    Posts
    2,178
    Mentioned
    63 Post(s)
    Tagged
    2 Thread(s)
    Quote (originally posted by Frenz48):
        I have rambled on... for too long.
    Never.

    So the big bullet points before taking this thing offsite IMO are going to be 1) SQL sanitization and 2) as you stated, private data security in case of breach.

    I'm not sure this thread went exactly where I wanted it to, but it might bring something useful to you: http://www.sitepoint.com/forums/show...-talk-security

    How large of a project are we talking? Is it built on a framework such as Zend / CodeIgniter?

  3. #3
    SitePoint Enthusiast
    Quote (originally posted by K. Wolfe):
        How large of a project are we talking? Is it built on a framework such as Zend / CodeIgniter?
    No large frameworks, as I am not comfortable with others' work, or large constructs.

    This project is going to be closed down... Which is to say manually create user accounts. I want tight security, because it will be somewhat sensitive information. I'm thinking HTTPS might be a good thing.

    SQL sanity = PDO parameterized values, prepared statements. Am I right?

  4. #4
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    Quote (originally posted by Frenz48):
        SQL sanity = PDO parameterized values, prepared statements. Am I right?
    It's a start... What kind of sensitive data?

  5. #5
    SitePoint Enthusiast
    Student information, and school plans used in conjunction to make personalized plans for each student, delivered as a Word download.
    I do not intend to store more than names when it comes to personal information... But at some point it might interest someone to get at it... If even a script kiddie or teacher with some knowledge...
    Main point though: it should only be accessible by teachers and staff.

    I believe I can pull off the application; the security I will have to test thoroughly. BUT I am seriously doubting my ability to hold all the details organized neatly. That's where I'd need the most help right now; I can always come back to security BEFORE deploying.

    And it'll be the biggest thing I've done to date, which means I want to take a precaution to make sure I understand it 6 months after it's done.

  6. #6
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    Perhaps some ip address restrictions could be of use?

  7. #7
    SitePoint Enthusiast
    Thanks for the help on this. IP restrictions could come in handy, will have to consider the possibility.
    Now, sleep, then think this over tomorrow on a refreshed brain.
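
Added example, not written by any poster in this thread: a minimal PHP login check that combines the two points raised in posts #1 and #3, PDO prepared statements for every query and PHP's built-in `password_hash()` / `password_verify()` for salted password storage. The `staff` table, the function names, the sample account and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite stands in for the real server.
// (With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.)
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE staff (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, pw_hash TEXT NOT NULL)');

// Hash of a throwaway value, verified against when the username is unknown,
// so a missing account costs about the same time as a wrong password.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Accounts are created manually by an administrator, as described in post #3.
function createAccount(PDO $pdo, string $username, string $password): void
{
    // password_hash() generates a random per-user salt and embeds it in the result.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO staff (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function checkLogin(PDO $pdo, string $username, string $password): bool
{
    // User input is bound as data and never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM staff WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    if (!password_verify($password, $row['pw_hash'])) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost has changed.
    if (password_needs_rehash($row['pw_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE staff SET pw_hash = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return true;
}

createAccount($pdo, 'teacher1', 'correct horse battery staple'); // constructed sample account
var_dump(checkLogin($pdo, 'teacher1', 'correct horse battery staple'));
var_dump(checkLogin($pdo, 'teacher1', 'wrong password'));
// A username containing quote characters is bound as a literal string value.
var_dump(checkLogin($pdo, "teacher1' OR '1'='1", 'anything'));
```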

