How to set-up a large but secure user/registration db ...
Posted: Sat Sep 02, 2006 12:13 pm
Dear,
I would like to set up a large user/registration database (PHP5 / MySQL / Apache) for my site and I am new to this, so bear with me ... I would like to have the following included:
I have 4 main concerns: performance, security, database capacity, login process.
We are talking about:
Normal registration form (username, password, first-last name, some other fields)
Password should be SHA hashed
Email address should be encrypted and stored in database!
3 levels of validation before you get registered as a user (1: just fill out the registration form, 2: click on link in email, 3: confirmation by 2 friends that also register in the database)
Should I handle the 3 stages (of users) in 3 separate databases, or tables ... after each stage move them to another database or table in the same database?
How do I prevent being hacked so they can read the database?
How do you securely store an email address in a database, what if the database gets compromised ... can we for example use a new encryption key every day etc ... so that only a few users are encrypted with the same key (store keys per day of site ...)
Should I use stored sessions in multiple databases - will this decrease the performance?
Is it wise to use a remember-me cookie?
I am not building an NSA-proof database but it should be secure, if you know what I mean. I am what para...
Concerning performance/capacity
Let's say you have about 1 user registering every second, do I use 2 or 3 separate tables in separate databases ...
How do I calculate the bytes being passed by the server ...
Form validation
How should validation be dealt with: JavaScript, PHP, AJAX ...
If you have any other questions that I have not covered yet, then please let me know.
If you are a high-end PHP/MySQL programmer and want to earn a few bucks you can contact me as well.
Please do not comment on the 1 user a second, it's just that I want to present you with a target; whether this target will be reached is not the issue right now.
Maybe I need to post the security questions in the security section of this forum; if so, please let me know.
But I would like to handle this as a complete project. A lot of login/registration scripts are just around for grabs but few/none have what I am looking for...