I realize this question is pretty vague, but in a general sense...
Given I have a customer database in a MySQL db on a shared server, accessed by a system of PHP scripts. The scripts require logging in and each script is protected by requiring the presence of a $_SESSION var created by the login. How secure is my information against being accessed by one of my competetitors? (i.e. so they can find out who I'm selling to?)
Any guidance you can provide will be appreciated.
Site security from competition
Moderator: General Moderators
- Buddha443556
- Forum Regular
- Posts: 873
- Joined: Fri Mar 19, 2004 1:51 pm
- Bill H
- DevNet Resident
- Posts: 1136
- Joined: Sat Jun 01, 2002 10:16 am
- Location: San Diego CA
- Contact:
My client is in the "mystery shopping" business. Not very high profile, and competition is not very sophisticated, so I'm not sure how concerned they need to be. Trade off would be to install IIS, PHP and MySQL on their office system, but they've gotten spoiled by the ability to work from home as easily as from their office. And I know they don't want the risk of opening up remote access to their office system.
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
- Buddha443556
- Forum Regular
- Posts: 873
- Joined: Fri Mar 19, 2004 1:51 pm
They have to be high profile enough to do business which is pretty high profile.Bill H wrote:Not very high profile...
Never underestamate the competition. Since their "secret shoppers" you may want to add their customer's competition to the threat list.Bill H wrote:... and competition is not very sophisticated ...
If they're accessing the internet from their office system then they already have open up remote access to their office system.Bill H wrote:Trade off would be to install IIS, PHP and MySQL on their office system, but they've gotten spoiled by the ability to work from home as easily as from their office. And I know they don't want the risk of opening up remote access to their office system.
Having made those points ...
It's really the customers decision, you just have to make sure they understand their options and the associated risks and benefits. If they are comfortable with the internet setup then what can you do to reduce the risk even futher?
And as Ambush Commander said...
... which would lessen the risk.Try a dedicated server or colocation. Usually, it's a lot better than hosting it from your basement (no fear of being slashdotted either).