Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 9 of 9
Like Tree1Likes
  • 1 Post By delstu

Thread: Restricting Website access

  1. #1
    Junior Member
    Join Date
    Oct 2018
    Posts
    11
    Member #
    60072

    Restricting Website access

    Hi,

    I am an experienced web developer but I am a little (lot) out of my depth on this one.

    The project requires that the owner places information on a webpage, one whole page of a report, so its one whole webpage.. (its a financial site)

    The owner then wants to send a link to another party so that they can read that page and no other pages, its a financial report.

    what MUST NOT HAPPEN is that the page must not be accessible by other parties like snoopers, other users and definitely not search robots.

    So its one page that can only be accessed by an authorized party, preferably through a single URL click link..

    We have available PHP, Javascript, .htaccess and cookies.

    I think I can stop search engines by using the robots file, provided they abide by the robot rules.

    But snoopers ? and other users just fiddling with URLS?

    How do I implement this type of security?

    Any help appreciated.

  2.  

  3. #2
    Senior Member
    Join Date
    Feb 2006
    Posts
    791
    Member #
    12463
    Liked
    299 times
    Require a unique password to access the page.
    muuwebdesign likes this.

  4. #3
    Member muuwebdesign's Avatar
    Join Date
    Aug 2018
    Location
    Tulsa, OK
    Posts
    37
    Member #
    59932
    Liked
    6 times
    Can you use Google Drive to post the report? That would probrably be the safest and easiest option and then give the party access to the document.
    Muu Web Design | Life is awesome!

  5. #4
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,772
    Member #
    5580
    Liked
    723 times
    Create a PHP user register and login script.
    Then it uses PHP SESSION to control what a person sees.
    This also uses an SQL database so information is queried only to the people who need it.

    It can also allow PDF files to be generated (financial reports) and emailed to people or only served to people who are allowed to view it.

    If you are a web developer you should already know how to do all of this. That sort of has me baffled ... what do you develop?


  6. #5
    Junior Member
    Join Date
    Oct 2018
    Posts
    11
    Member #
    60072
    Quote Originally Posted by mlseim View Post
    Create a PHP user register and login script.
    Then it uses PHP SESSION to control what a person sees.
    This also uses an SQL database so information is queried only to the people who need it.

    It can also allow PDF files to be generated (financial reports) and emailed to people or only served to people who are allowed to view it.

    If you are a web developer you should already know how to do all of this. That sort of has me baffled ... what do you develop?
    Thanks mlseim, I'm working along those lines. (The report can't be made in to a PDF on the fly as it contains videos and other document references.)

    Problem is that the owner is petrified of hackers... They had another developer do this for them previously and it failed and they ended up in court, so whatever method I choose it has to be absolutely locked down..

    Making a SESSION hack proof is a problem, although it can be made reasonably secure, using MySql to supply data and populate the page is probably the best control I'd have..

    My 30+ years in IT is mainly in application programming (executables and databases) , I still have lots to learn about web programming, especially in the security area..

    Thanks again..

  7. #6
    Junior Member
    Join Date
    Oct 2018
    Posts
    11
    Member #
    60072
    Quote Originally Posted by delstu View Post
    Require a unique password to access the page.
    Thanks Delstu, but the owner dosen't want the viewing party to have to use password etc to log in, just click the link and be taken to the page.
    problem come when people start fiddling with the url link to see what else they can find...

  8. #7
    Junior Member
    Join Date
    Oct 2018
    Posts
    11
    Member #
    60072
    Quote Originally Posted by muuwebdesign View Post
    Can you use Google Drive to post the report? That would probrably be the safest and easiest option and then give the party access to the document.
    Thanks Muu...

    Excellent Idea, but Google Drive may need passwords and costs, but I could implement the same concept using a protected part of the site or another server.
    Thanks,
    best idea so far..

  9. #8
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,772
    Member #
    5580
    Liked
    723 times
    There is absolutely NO way to make it hack proof.
    Look at the government, facebook, credit card companies, etc.
    They spend millions of dollars on equipment and software and they can't make it secure.

    If they don't want anyone to hack it or get information, then they should not be using the internet.
    Even the old "send it in the mail" is more secure than the internet.

    I think they are dreaming. They should simply accept the risk if they choose to use a website.

    Google Drive may need passwords and costs
    ???!!

    You mean they want to do it for free too? And they are bummed out that they will need to use passwords?
    Seriously?
    Last edited by mlseim; Oct 05th, 2018 at 04:27 PM.


  10. #9
    Junior Member
    Join Date
    Oct 2018
    Posts
    11
    Member #
    60072
    Quote Originally Posted by mlseim View Post
    There is absolutely NO way to make it hack proof.
    Look at the government, facebook, credit card companies, etc.
    They spend millions of dollars on equipment and software and they can't make it secure.

    If they don't want anyone to hack it or get information, then they should not be using the internet.
    Even the old "send it in the mail" is more secure than the internet.

    I think they are dreaming. They should simply accept the risk if they choose to use a website.



    ???!!

    You mean they want to do it for free too? And they are bummed out that they will need to use passwords?
    Seriously?
    I absolutely agree that there is no way to make it hack proof if some hacker seriously wants to break in they will find a way.
    I've already pointed this out, but we need to protect their privacy, big issue since the owner already got in to trouble from a previous project.

    I guess I'll just have to protect it best way I can, use a CRC check in the URL and have a live time setting for access, then encrypts everything I can..
    and no they are not bummed out.. not by a long shot..


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 10:54 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2020 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com