domain archteture for image security @ GoDaddy using Flash
Posted: Thu May 13, 2010 8:41 am
So very, very glad to have found this board. I've got some past experience in scripting, security and such in a Windows environment but not much in the Linux/PHP world so I am looking for some strategic guidance to help me get things off on the right foot. Pardon the length of this post but i know that good answers depend on good information.
The project involves selling members time limited access to photo galleries. Although i have already written my own membership payment and registration/login script I will most likely purchase a membership/subscriber access control package such as Sitelok (http://www.vibralogix.com/sitelokpw/index.php). The environment that I am currently working in consists of a deluxe shared linux account and vdedicated CentOS account with GoDaddy. The domain has previously been running on the shared account and it has higher disk storage and throughput allowances. My current strategy is to use the VDed machine simply as a secure file server and to continue to host all the public facing pages on the shared account. I purchased the VDed account becasue i could not access some of the security files (htpasswd, etc) on the deluxe shared account. I now see that there are membership access strategies that depend upon htaccess and the related built-in security controls and there are those like Sitelok that do not depend on the use of htaccess related controls.
Q1 - Any advantages or other considerations regarding the use of htaccess based security vs. non-htaccess security?
and
If the answer to Q1 is no, or that non-htaccess based security is better for some reason then perhaps there is no reason for two hosting accounts.
Q2 - Any recommendations on good membership subscription management package with ecommerce transaction OPTIONAL as i don't need it.
So now for the rest of the critical details and questions. I plan to serve the images to authenticed subscribers via Flash. I've been having a hell of time trying to get a Flash file hosted on the public page serving site to be able to access xml data and image files hosted on the VDed account. For some intutitive or otherwise just undefined reason; i like the idea of two servers. But given the coding difficulties that it creates and my lack of familarity with these platforms and the associated best practices for security -- perhaps i'm just unnecessarily torturing myself and delaying the launch of my project.
Q3 - Any commentary on the use of two, as opposed to one, server account in a good security architecture?
If the answer to Q2 is that the use of two server accounts has distinct advantages then;
Q4 - Any input or pointers on good Flash forums for help on crossdomain deployment of Flash?
Thanks to any and all for comments and suggestions.
Cheers,
Bob
The project involves selling members time limited access to photo galleries. Although i have already written my own membership payment and registration/login script I will most likely purchase a membership/subscriber access control package such as Sitelok (http://www.vibralogix.com/sitelokpw/index.php). The environment that I am currently working in consists of a deluxe shared linux account and vdedicated CentOS account with GoDaddy. The domain has previously been running on the shared account and it has higher disk storage and throughput allowances. My current strategy is to use the VDed machine simply as a secure file server and to continue to host all the public facing pages on the shared account. I purchased the VDed account becasue i could not access some of the security files (htpasswd, etc) on the deluxe shared account. I now see that there are membership access strategies that depend upon htaccess and the related built-in security controls and there are those like Sitelok that do not depend on the use of htaccess related controls.
Q1 - Any advantages or other considerations regarding the use of htaccess based security vs. non-htaccess security?
and
If the answer to Q1 is no, or that non-htaccess based security is better for some reason then perhaps there is no reason for two hosting accounts.
Q2 - Any recommendations on good membership subscription management package with ecommerce transaction OPTIONAL as i don't need it.
So now for the rest of the critical details and questions. I plan to serve the images to authenticed subscribers via Flash. I've been having a hell of time trying to get a Flash file hosted on the public page serving site to be able to access xml data and image files hosted on the VDed account. For some intutitive or otherwise just undefined reason; i like the idea of two servers. But given the coding difficulties that it creates and my lack of familarity with these platforms and the associated best practices for security -- perhaps i'm just unnecessarily torturing myself and delaying the launch of my project.
Q3 - Any commentary on the use of two, as opposed to one, server account in a good security architecture?
If the answer to Q2 is that the use of two server accounts has distinct advantages then;
Q4 - Any input or pointers on good Flash forums for help on crossdomain deployment of Flash?
Thanks to any and all for comments and suggestions.
Cheers,
Bob