Designing a fast and secure php bot application
Posted: Tue Jul 07, 2009 4:31 am
Hi guys, I hope that I am posting this topic on the right section.
I am investigating the possibility of designing a specific php bot application and would like some advice on design and security, links to some usefull resources or even some similar applications or code snippets.
Here is the situation:
We are building a website that will contain a reserved users area, so users will be able to login and access their data, and even modify some of it.
Now, this data, or users database is in an old Oracle DB that is no accessed directly but instead can be accessed at terminal by an operator's interface. This interface shows all data that needs to be displayed at the web page and that is possible to modify.
Web page and the Oracle DB and interface application will most probably be hosted in different machines (mayb different networks).
We thought that we could use a robot that gets a request from the webpage (request to fill in user's details, request to force a change in address, phone #, payment status, etc) and then opens the interface application that will query the Oracle DB as a normal operator would do, then it must fetch data from the intsrface and send it back to the web page for displaying.
We are looking for a simple bot, fast, secure (not allowing other commands/data requests/data modifications than the ones defined upfront), and that shall not allow more than 5 users to be accessing the Oracle DB through the interface application at the same time, so we need to open and close sessions only when needed.
Any suggestions, ideas, links to useful resources?
Thanks in advance
I am investigating the possibility of designing a specific php bot application and would like some advice on design and security, links to some usefull resources or even some similar applications or code snippets.
Here is the situation:
We are building a website that will contain a reserved users area, so users will be able to login and access their data, and even modify some of it.
Now, this data, or users database is in an old Oracle DB that is no accessed directly but instead can be accessed at terminal by an operator's interface. This interface shows all data that needs to be displayed at the web page and that is possible to modify.
Web page and the Oracle DB and interface application will most probably be hosted in different machines (mayb different networks).
We thought that we could use a robot that gets a request from the webpage (request to fill in user's details, request to force a change in address, phone #, payment status, etc) and then opens the interface application that will query the Oracle DB as a normal operator would do, then it must fetch data from the intsrface and send it back to the web page for displaying.
We are looking for a simple bot, fast, secure (not allowing other commands/data requests/data modifications than the ones defined upfront), and that shall not allow more than 5 users to be accessing the Oracle DB through the interface application at the same time, so we need to open and close sessions only when needed.
Any suggestions, ideas, links to useful resources?
Thanks in advance