Thread: How to create website, with member profile pages.

  1. #1
    Junior Member
    Join Date
    Mar 2016
    Posts
    1
    Member #
    53730

    How to create website, with member profile pages.

    I am looking for advice here, not someone to write the code for me.

    I just don't want to waste a lot of time, looking in the wrong direction.

    I am creating a website, where members can join and create a basic profile page.

    It is NOT a dating site, but it will function in a similar manner.

    When a member joins, they will create a profile page. This page must be linked to a password protected account, so that only the member can update it.

    I am using Apache, MySQL and PHP on CentOS, as my primary components.

    Note that I have created Apache, MySQL, PHP websites before, but on our corporate intranet, and I did not need to create password protected member accounts.

    So, I have experience creating more than just basic web pages.

    My question is this:

    What is the best mechanism for securing these individual profile pages?

    For this specific requirement, can anyone point me to a white paper, howto, web page, instructions, examples, etc.?

    Thanks in advance, and have a great weekend.

    jxfish2

  3. #2
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,483
    Member #
    425
    Liked
    2783 times
    The best mechanisms are an SSL (to avoid data interception in transit) and some form of encryption for the usernames/passwords in the database. The latter falls under the "no universal answer"/"highly subject to opinion" category. Some of the "generally accepted truisms" in this are:

    1) One-way encryption is more secure than two-way encryption.

    2) There is no such thing as "true security". The best you can do is to make it as difficult as possible and reduce the payload for a hacker as much as possible so that (s)he doesn't waste his/her time.

    3) Simply encrypting data isn't always enough. You may also need to look at hardware/software firewalls and tightening those up as much as possible among other things, depending on what you're doing.

    4) Again this depends on what you're doing, but looking into regular PCI compliance audits is a good idea. If you're taking payments for your members and you're hosting your own payment pages, this is a requirement...and to be perfectly frank, it's about as enjoyable as a colonoscopy performed by a doctor using a selfie stick with a cell phone at the end. If you can pass your audit, however, you've covered the vast majority of potential liability issues and depending on your payment processor, you may have liability coverage if you do get hacked.

    Basically, what I'm trying to say is that there is no single mechanism. It's a bunch of things, and they're quite often layered. I'm also a fan of using obscurity as a layer where/when possible.
    satindertech likes this.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

  4. #3
    Senior Member Vapr_Arts's Avatar
    Join Date
    Oct 2013
    Location
    California
    Posts
    1,930
    Member #
    37412
    Liked
    544 times
    You mentioned building sites like this before minus the user login. I'm not sure how much you know, but a few basic tips I'd mention are:

    1. Make sure you hash passwords. PHP has built-in hashing capabilities using md5() or sha1() and sha256().

    2. If you're going to use PHP I would make sure to use PDO and prepared statements to combat SQL injections.

    Using sessions and passing variables around, checking that it's authenticated/logged in; if they are, allow them to the site, if not, redirect to a login page.

    I do not deal with credit cards or eCommerce at this time. Personally been trying to avoid it. So I know nothing about PCI compliance, other than if you're taking payments you should be.


    Sent from my iPhone using Tapatalk
    satindertech likes this.
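
The points raised in the replies above (password hashing, PDO prepared statements, a session check) combined so that a profile can only be updated by its owner; this is an added example, not code from any poster in the thread. It uses PHP's password_hash()/password_verify(), which the PHP manual recommends for passwords in place of fast digests such as md5() or sha1(). The members table, the function names and the in-memory SQLite DSN (standing in for MySQL) are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the thread's MySQL database.
function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE members (id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL, pw_hash TEXT NOT NULL, bio TEXT DEFAULT '')");
    return $pdo;
}

function register(PDO $pdo, string $username, string $password): int {
    // password_hash() adds a per-user salt and uses a deliberately slow algorithm.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO members (username, pw_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
    return (int) $pdo->lastInsertId();
}

function login(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false; // same result for an unknown user and a wrong password
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id once authenticated
    }
    $_SESSION['member_id'] = (int) $row['id'];
    return true;
}

function update_own_profile(PDO $pdo, string $bio): bool {
    if (!isset($_SESSION['member_id'])) {
        return false; // not logged in: the caller redirects to the login page
    }
    // The row is selected by the session's member id, never by an id in the request.
    $stmt = $pdo->prepare('UPDATE members SET bio = ? WHERE id = ?');
    return $stmt->execute([$bio, $_SESSION['member_id']]);
}

// Constructed demo data: two members, only the logged-in one can be edited.
$_SESSION = [];
$pdo = open_db();
register($pdo, 'alice', 'correct horse battery staple');
register($pdo, 'bob', 'another long passphrase');
var_dump(update_own_profile($pdo, 'no session yet'));
var_dump(login($pdo, 'alice', 'correct horse battery staple'));
var_dump(update_own_profile($pdo, 'Hello from Alice'));
```

When displaying the stored bio on a profile page, pass it through htmlspecialchars() so member-supplied text is not rendered as markup.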

