Site security from competition
Posted: Tue Jun 14, 2005 7:15 pm
by Bill H
I realize this question is pretty vague, but in a general sense...
Given I have a customer database in a MySQL db on a shared server, accessed by a system of PHP scripts. The scripts require logging in and each script is protected by requiring the presence of a $_SESSION var created by the login. How secure is my information against being accessed by one of my competitors? (i.e. so they can find out who I'm selling to?)
Any guidance you can provide will be appreciated.
Posted: Tue Jun 14, 2005 7:32 pm
by Buddha443556
You're on a shared server; expect no privacy. No matter how tightly your scripts are coded, it doesn't change the fact you're on a shared server.
If I may ask, what are you selling?
Posted: Tue Jun 14, 2005 8:56 pm
by Bill H
My client is in the "mystery shopping" business. Not very high profile, and competition is not very sophisticated, so I'm not sure how concerned they need to be. Trade off would be to install IIS, PHP and MySQL on their office system, but they've gotten spoiled by the ability to work from home as easily as from their office. And I know they don't want the risk of opening up remote access to their office system.
Posted: Tue Jun 14, 2005 9:26 pm
by Ambush Commander
Try a dedicated server or colocation. Usually, it's a lot better than hosting it from your basement (no fear of being slashdotted either).
Posted: Tue Jun 14, 2005 9:48 pm
by Buddha443556
Bill H wrote: Not very high profile...
They have to be high profile enough to do business which is pretty high profile.
Bill H wrote: ... and competition is not very sophisticated ...
Never underestimate the competition. Since they're "secret shoppers", you may want to add their customer's competition to the threat list.
Bill H wrote: Trade off would be to install IIS, PHP and MySQL on their office system, but they've gotten spoiled by the ability to work from home as easily as from their office. And I know they don't want the risk of opening up remote access to their office system.
If they're accessing the internet from their office system then they have already opened up remote access to their office system.
Having made those points ...
It's really the customer's decision; you just have to make sure they understand their options and the associated risks and benefits. If they are comfortable with the internet setup, then what can you do to reduce the risk even further?
And as Ambush Commander said...
Try a dedicated server or colocation. Usually, it's a lot better than hosting it from your basement (no fear of being slashdotted either).
... which would lessen the risk.