Thread Author: RattleandSmoke Replies: 8

 PHP and database security - RattleandSmoke
I am creating a management system with PHP and MySQL and having to relearn a lot of it as I am now very rusty.

My question is simply: is having a user-name and password going to be secure enough to keep access to the database safe?

My host is a well known and trustworthy company specialising in business hosting.

Just nervous that if it did get hacked into then people could access my customers' names and addresses.

Just wondered if anything has moved on since I last did any real web development circa 2005.

 PHP and database security - rtj70
Why not host it at home? Removes the risk of anyone else compromising it. Or is it meant for others to access via the Internet?

I'd think username and password both need encrypting for starters with one way hash on the password as a minimum.
 PHP and database security - RattleandSmoke
Yep will use an MD5 hash for the login password.

The idea is I could generate invoices on the fly at clients houses and then save it to a PDF for printing.

Have been meaning to start this project for a couple of years but security worries have always got in the way.

I will be the only user, but if I hosted at home I would want to host it on a machine a bit more secure than my PC, e.g. not on the general network, which means faffing about isolating a machine.

I

Last edited by: RattleandSmoke on Wed 16 Mar 11 at 21:58
 PHP and database security - rtj70
Could you write it on an Android and email the PDFs from there?
 PHP and database security - movilogo
You may try Oracle Apex instead.

It is GUI driven and you can develop applications rapidly. The underlying database is Oracle so security is robust.

You can try it free here apex.oracle.com/i/index.html

If it feels good, then you can host your application in some Apex host providers (they are quite cheap but not many Apex hosts in UK).

If developing via PHP/MySQL, at least make sure it is not vulnerable to SQL injection attack.

You can't plan against dedicated hackers but don't think anyone will be interested in your customers' names & address :-)
Last edited by: movilogo on Thu 17 Mar 11 at 12:50
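As an added example (not code from the thread), this is the difference movilogo is pointing at: a PHP/MySQL user lookup written with a string-built query that is open to SQL injection, beside the prepared-statement version, plus password storage with password_hash()/password_verify(). The table and column names, and the mysqli connection, are assumptions.

```php
<?php
// Added example, not from the original thread. Assumes a table
// users(username VARCHAR, password_hash VARCHAR) and an open mysqli connection.
declare(strict_types=1);

// VULNERABLE: the username is spliced straight into the SQL text, so a quote
// character in the input changes the structure of the query itself.
function findUserUnsafe(mysqli $db, string $username): ?array
{
    $sql = "SELECT username, password_hash FROM users WHERE username = '$username'";
    $result = $db->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// HARDENED: a prepared statement sends the SQL and the value separately, so the
// input is only ever treated as data, whatever characters it contains.
function findUserSafe(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Store passwords with password_hash() (salted, deliberately slow bcrypt by
// default) and check them with password_verify(); no hand-rolled digest compare.
function registerUser(mysqli $db, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->bind_param('ss', $username, $hash);
    $stmt->execute();
    $stmt->close();
}

function checkLogin(mysqli $db, string $username, string $password): bool
{
    $row = findUserSafe($db, $username);
    // Verify against a throwaway hash when the user is missing so that a wrong
    // username and a wrong password take a similar amount of time.
    $hash = $row['password_hash'] ?? password_hash('placeholder', PASSWORD_DEFAULT);
    return $row !== null && password_verify($password, $hash);
}
```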
 PHP and database security - Fursty Ferret
Just bung it in an Excel spreadsheet on your laptop and run TrueCrypt.

Actually - why aren't you using Sage or something for your accounts? It'll generate and track invoices for you.

 PHP and database security - teabelly
There are online invoice tools which are much better than making your own. Look at Ronin. There is also Paymo. Ronin also creates a customer login so your regulars can keep track of all your payments, and there is a PayPal payment option if you use the paid-for one. The free one allows 2 clients; the Paymo one, which is only $4 a month, allows more. I haven't tried that but others have said it is quite good. FreeAgent is another. That is more geared to be a full online accounting package as it has tax calculation built in.

From a liability point of view you are much better off using something paid for and built by someone else. If you roll your own and it gets hacked then you will get all the flak.

By definition if you put something online it can be seen by others. If you want customer data completely confidential then you don't put it on an internet connected computer even!

 PHP and database security - RattleandSmoke
No point in using Sage, my accounts are really very simple, just how much I have been paid and what my costs are. All done in a spreadsheet at the moment.

I am thinking a paid system might be the best bet but it still doesn't solve the problem of duplicating invoices.
 PHP and database security - car4play
Hi Rattle

I think what you might be looking for is something like our "service activity" plug-in module in iPages. Some contractors use this to log hours or projects done at different clients and then it creates the invoice for that activity. The iPages order management system then will handle all your sales order processing, basically giving you summaries and reports of net/VAT/gross figures. You can choose to import this into Sage or just use the numbers it gives you. If you aren't VAT registered you can just set this to zero.
Just drop me a line if interested - or fill in the enquiry form at iPages.biz.
As you are a Car4play valued user I am sure we can work something out.