I have built an intranet for a VERY large company, and they are querying how secure the site is because it contains some sensitive information.
I didn't write the login script myself; I am using phpSecurePages, which can be found at http://www.phpsecurepages.com/.
Just wondering if anyone has had any experience with this script and knows how secure or not secure it is.
What possible holes are there?
Thanks
Mark
How secure is this login script?
- SantaGhost
As far as PHP is concerned, user clients can't access the PHP files' source or the database unless they have access to the filesystem (FTP). If the PC where the site is running can be exploited, there is a possibility of retrieval of passwords etc., but this is "always" a possibility.
Secondly, there are very good encryption systems for PHP, so it's at least pretty hard to crack a good secure machine. Normally it's impossible. Be sure to run Apache, the newest version of PHP and Linux/Unix with the newest updates to minimize security holes, but PHP is secure as long as you keep your database uname/pw private.
If I'm not mistaken, security and sensitive information don't really have to do with "the outside". An intranet at a very large company has no outside access whatsoever, so I guess the idea of security is that someone on the inside might be able to view information they shouldn't.
m3rajk wrote:
Umm,
is the intranet local to one building?
If not, how do they go between buildings? VPN?
If the answer to the first is yes or the second is VPN, it's as secure as the VPN as long as you don't let the world see it.
Medical records, what different employees get paid, the CEO's personal notes... Not something John Doe in the warehouse should be able to read on his break...
Sorry, Bech, but I haven't used it, so I don't dare speak of it.