So today my boss/manager walks in after a meeting,
"your project, it's going on a rented server."
Well, not those words exactly, but the result is clear to me.
Where before it was behind a company firewall, and did not need exposure to the internet, it now needs tight security.
It needs all management available from a web interface. I had intended to remotely log on, or even put files on the server by local network/simpler means.
And what bothers me most, a bigger, more complex project and codebase...
I have picked up Netbeans before I started on this project. It has refactoring and Git built in, and I was hoping to profit from this.
I have a decent understanding of PHP itself, and am trying to use a modular approach to this project to improve maintainability after launch (classes).
Now, what I need help with is organizing such a project. I had figured out what the actual application needs to do; now I need to add more management to it. How do I manage a larger project? Is there some resource to learn from, a book to get?
Secondly, security... I THINK I have the right thoughts down from reading about security... Essentially, use a peer-reviewed and well-used system. Use a salt and/or pepper in a hash in case of a DB leak. I got the phpmaster book, which I believe to be great on those points.
Even so, I have never actually made a secure logon system... looking for a resource or book here too.
How large of a project are we talking? Is it built on a framework such as Zend / CodeIgniter?
No large frameworks, as I am not comfortable with others' work or large constructs.
This project is going to be closed down... which is to say, manually created user accounts. I want tight security, because it will be somewhat sensitive information. I'm thinking HTTPS might be a good thing.
SQL sanity = PDO parameterized values, prepared statements. Am I right?
Student information, and school plans used in conjunction to make personalized plans for each student, delivered as a word download.
I do not intend to store more than names as far as personal information goes... But at some point it might interest someone to get at it... if even a script kiddie or a teacher with some knowledge...
Main point though: it should only be accessible by teachers and staff.
I believe I can pull off the application; the security I will have to test thoroughly. BUT I am seriously doubting my ability to keep all the details organized neatly. That's where I'd need the most help right now; I can always come back to security BEFORE deploying.
And it'll be the biggest thing I've done to date, which means I want to take a precaution to make sure I understand it 6 months after it's done.
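The two points raised in the replies above (a well-reviewed password hash that carries its own per-user salt, and PDO prepared statements so user input never becomes SQL) combined into a minimal staff-only login check. This is an added example, not code from the original poster; the `staff_users` table, its columns, the DSN and the credentials are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical connection helper: fail loudly and let the DB server bind
// parameters itself (no emulated prepares) so the query text is fixed.
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Accounts are created by hand (closed system), so this is an admin-side call.
function createStaffUser(PDO $db, string $username, string $password): void
{
    // password_hash() generates a random salt and stores it inside the hash
    // string, so a leaked table still has to be cracked one row at a time.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO staff_users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

// Returns the staff id on success, null on failure. Assumes session_start()
// has already been called by the front controller.
function verifyLogin(PDO $db, string $username, string $password): ?int
{
    // Parameterised lookup: the username is bound, never concatenated.
    $stmt = $db->prepare('SELECT id, password_hash FROM staff_users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();

    // Always run password_verify(), even for unknown users, so response time
    // does not reveal which usernames exist.
    $hash = $row['password_hash'] ?? password_hash('placeholder', PASSWORD_DEFAULT);
    if ($row === false || !password_verify($password, $hash)) {
        return null;
    }

    // Transparently upgrade old hashes when PHP's default algorithm/cost moves on.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE staff_users SET password_hash = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }

    session_regenerate_id(true);          // fresh session id on login (anti-fixation)
    $_SESSION['staff_id'] = (int) $row['id'];
    return (int) $row['id'];
}
```

Serve the login form and every staff page over HTTPS only, and set the session cookie with the `secure` and `httponly` flags so the session id is never sent in clear or readable from scripts.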