How to set-up a large but secure user/registration db ...

gf05856
Forum Newbie
Posts: 16
Joined: Sat Sep 02, 2006 11:17 am
Location: Belgium

Post by gf05856 »

Dear,

I would like to set up a large user/registration database (PHP5 / MySQL / Apache) for my site and I am new to this, so bear with me ... I would like to have the following included:

I have 4 main concerns: performance, security, database capacity, login process.

We are talking about:

Normal registration form (username, password, first-last name, some other fields)
Password should be SHA hashed
Email address should be encrypted and stored in database!

3 levels of validation before you get registered as a user (1: just fill out the registration form, 2: click on link in email, 3: confirmation by 2 friends that also register in the database)

Should I handle the 3 stages (of users) in 3 separate databases, or tables ... after each stage move them to other database or table in same database?
How do I prevent being hacked so they can read the database?
How do you securely store an email address in a database, what if the database gets compromised ... can we for example use a new encryption key every day etc ... so that only a few users are encrypted with the same key (store keys per day of site ...)
Should I use stored sessions in multiple databases - will this decrease the performance?
Is it wise to use a remember me cookie?
I am not building an NSA-proof database, but it should be secure, if you know what I mean. I am what para...

Concerning performance/capacity
Let's say you have about 1 user registering every second, do I use 2 or 3 separate tables in separate databases ...
How do I calculate the bytes being passed by the server ...

Form validation
How should validation be dealt with: JavaScript, PHP, AJAX ...

If you have any other questions that I have not covered yet, then please let me know.
If you are a high-end PHP/MySQL programmer and want to earn a few bucks you can contact me as well.
Please do not comment on the 1 user a second, it's just that I want to present you with a target; whether this target will be reached is not the issue right now.
Maybe I need to post the security questions in the security section of this forum, then please let me know.
But I would like to handle this as a complete project. A lot of login/registration scripts are just around for grabs but few/none have what I am looking for...
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Maybe you could break the many questions you have into some smaller, more concrete questions. Preferably with some code examples. I think you might get some more help then. Just a suggestion.