So very, very glad to have found this board. I've got some past experience in scripting, security and such in a Windows environment but not much in the Linux/PHP world, so I am looking for some strategic guidance to help me get things off on the right foot. Pardon the length of this post but I know that good answers depend on good information.
The project involves selling members time-limited access to photo galleries. Although I have already written my own membership payment and registration/login script, I will most likely purchase a membership/subscriber access control package such as Sitelok (http://www.vibralogix.com/sitelokpw/index.php). The environment that I am currently working in consists of a deluxe shared Linux account and a vdedicated CentOS account with GoDaddy. The domain has previously been running on the shared account and it has higher disk storage and throughput allowances. My current strategy is to use the VDed machine simply as a secure file server and to continue to host all the public-facing pages on the shared account. I purchased the VDed account because I could not access some of the security files (htpasswd, etc.) on the deluxe shared account. I now see that there are membership access strategies that depend upon htaccess and the related built-in security controls and there are those like Sitelok that do not depend on the use of htaccess-related controls.
Q1 - Any advantages or other considerations regarding the use of htaccess based security vs. non-htaccess security?
and
If the answer to Q1 is no, or that non-htaccess based security is better for some reason then perhaps there is no reason for two hosting accounts.
Q2 - Any recommendations on a good membership subscription management package with ecommerce transaction OPTIONAL as I don't need it.
So now for the rest of the critical details and questions. I plan to serve the images to authenticated subscribers via Flash. I've been having a hell of a time trying to get a Flash file hosted on the public page serving site to be able to access XML data and image files hosted on the VDed account. For some intuitive or otherwise just undefined reason, I like the idea of two servers. But given the coding difficulties that it creates and my lack of familiarity with these platforms and the associated best practices for security -- perhaps I'm just unnecessarily torturing myself and delaying the launch of my project.
Q3 - Any commentary on the use of two, as opposed to one, server account in a good security architecture?
If the answer to Q2 is that the use of two server accounts has distinct advantages then;
Q4 - Any input or pointers on good Flash forums for help on crossdomain deployment of Flash?
Thanks to any and all for comments and suggestions.
Cheers,
Bob
domain architecture for image security @ GoDaddy using Flash
Re: domain architecture for image security @ GoDaddy using Fla
blagarde wrote: Q1 - Any advantages or other considerations regarding the use of htaccess based security vs. non-htaccess security?
Session based security is only as secure as your code, but it is much more flexible. htaccess security is tried & true, but it is inflexible in that it can be more difficult to add/remove accounts programmatically, although it can be done.
blagarde wrote: If the answer to Q1 is no, or that non-htaccess based security is better for some reason then perhaps there is no reason for two hosting accounts.
Depends on the purpose of each account. I'm assuming by accounts you mean servers.
blagarde wrote: Q2 - Any recommendations on good membership subscription management package with ecommerce transaction OPTIONAL as i don't need it.
You seem to be looking for an authentication system that allows you to add/remove users and/or create memberships for a certain period of time. This is fairly simple, so you may be able to find something floating around, otherwise you'll need to roll your own.
blagarde wrote: I plan to serve the images to authenticated subscribers via Flash.
Why? It's much less convenient, bloated, complicated and if I want the image I'll take a screen shot. Maybe look into watermarks.
blagarde wrote: Q3 - Any commentary on the use of two, as opposed to one, server account in a good security architecture?
What are these pictures of, anyway?
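The session-based option from the Q1 answer, applied to time-limited gallery access, as an added example that is not code from this thread or from Sitelok. It assumes a hypothetical login script that stores `member_id` and `expires_at` in the session, a placeholder gallery directory outside the web root, and a hypothetical `img` query parameter.

```php
<?php
// image.php: added example. Session-gated delivery of images stored outside the web root.
// Assumptions (hypothetical names): the login script sets $_SESSION['member_id'] and
// $_SESSION['expires_at'] (Unix timestamp); GALLERY_DIR is a placeholder path.
declare(strict_types=1);

const GALLERY_DIR = '/home/example/private_galleries';
const IMAGE_TYPES = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

// True only while the subscription window is still open; checked on every request.
function membership_active(array $session, int $now): bool
{
    return isset($session['member_id'], $session['expires_at'])
        && (int) $session['expires_at'] > $now;
}

// Map a requested name to a real image file inside $baseDir, or null.
// realpath() collapses "../" and symlinks before the prefix check is made.
function resolve_image(string $baseDir, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the gallery directory
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return isset(IMAGE_TYPES[$ext]) ? $path : null;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (!membership_active($_SESSION, time())) {
        http_response_code(403);
        exit('Subscription required or expired.');
    }
    $img  = is_string($_GET['img'] ?? null) ? $_GET['img'] : '';
    $file = resolve_image(GALLERY_DIR, $img);
    if ($file === null) {
        http_response_code(404);
        exit('Not found.');
    }
    header('Content-Type: ' . IMAGE_TYPES[strtolower(pathinfo($file, PATHINFO_EXTENSION))]);
    header('Cache-Control: private, no-store');
    readfile($file);
}
```

Because the expiry is compared on every request, a lapsed subscription stops working without editing any htpasswd file, which is the flexibility the answer refers to; the path and session checks are the parts that are "only as secure as your code".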