
MySQL security, and what charges to make site?
Mac Elite
Join Date: Mar 2001
Location: England
Jan 17, 2002, 03:32 PM
 
I have been given a new web design contract, to re-design www.cjk.co.uk and give it a database back end. It's the first database site I've ever done for a client, and I want to get it right.

Firstly, I'm planning on using PHP and MySQL. I'll write the code to read from the database, and supply them with PHPMyAdmin for adding records. How secure is PHPMyAdmin? I have it on my Mac and it doesn't ask for a password... can you make it do so?

Also, how much should I charge? I really have no idea how much to quote the guy for this... what would any other designers charge for this? I've been given all the information, but I don't have to enter it all, I just have to set up the site - they'll employ someone else for the typing (who'll work for less money, I guess).

Amorya
What the nerd community most often fail to realize is that all features aren't equal. A well implemented and well integrated feature in a convenient interface is worth way more than the same feature implemented crappy, or accessed through an annoying interface.
     
     
Grizzled Veteran
Join Date: Jun 2001
Location: Melbourne, Australia
Jan 17, 2002, 05:11 PM
 
Originally posted by Amorya:
I have been given a new web design contract, to re-design www.cjk.co.uk and give it a database back end. It's the first database site I've ever done for a client, and I want to get it right.

Firstly, I'm planning on using PHP and MySQL. I'll write the code to read from the database, and supply them with PHPMyAdmin for adding records. How secure is PHPMyAdmin? I have it on my Mac and it doesn't ask for a password... can you make it do so?

Also, how much should I charge? I really have no idea how much to quote the guy for this... what would any other designers charge for this? I've been given all the information, but I don't have to enter it all, I just have to set up the site - they'll employ someone else for the typing (who'll work for less money, I guess).

Amorya

Aaahhh. New business, lovely thing!

Pricewise, a famous designer - Marcello Minale - once said that a designer should never charge less than a plumber for their hourly rate. So figure out how long it will take you, multiply by 1.2 (because it will ALWAYS take longer) and then multiply by your hourly rate.

As for PHPAdmin, it is insecure in the fact that you must hardcode the server, login and password name into the config file in order for it to work properly on the server. My advice would be to password-protect the root directory of PHPAdmin with a .htaccess file - at least that way you've got a reasonable amount of protection.

If you're more serious about it, then I would suggest you write your own admin screens for the database, instead of PHPAdmin, which would employ a proprietary method for storing and retrieving passwords on the database. Each page would authenticate the login/password against the database and session ID to make it much harder to crack.

I believe some of the bigger PHP resource sites have excellent examples, as does even the documentation for PHP where every man and his 4-legged friend have contributed to the documentation with their own experience.

Good luck with the project

[ 01-17-2002: Message edited by: Simon Mundy ]
Computer thez nohhh...
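
An added example, not part of the post above or of any project's code: one way to build the custom admin screens it describes, where every page checks the session against the database. The admin_users table, the function names and the demo account are hypothetical; PHP's password_hash()/password_verify() are used for password storage, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Table, column and function names are hypothetical.

// Verify a login against the admin_users table; on success tie it to a fresh session ID.
function admin_login(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password_hash FROM admin_users WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;                 // same answer for an unknown login and a wrong password
    }
    session_regenerate_id(true);      // issue a new session ID once the user is authenticated
    $_SESSION['admin_id'] = (int) $row['id'];
    return true;
}

// Call at the top of every admin page: the session must map to an account that still exists.
function current_admin(PDO $db): ?int
{
    if (!isset($_SESSION['admin_id'])) {
        return null;
    }
    $stmt = $db->prepare('SELECT id FROM admin_users WHERE id = ?');
    $stmt->execute([$_SESSION['admin_id']]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed demo data. In-memory SQLite stands in for MySQL so the script runs
// offline; on the real site only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin_users (id INTEGER PRIMARY KEY, login TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO admin_users (login, password_hash) VALUES (?, ?)')
   ->execute(['editor', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);

session_start(['cookie_httponly' => true, 'use_strict_mode' => true]);
$results = [
    'before login'   => current_admin($db),
    'wrong password' => admin_login($db, 'editor', 'guess'),
    'right password' => admin_login($db, 'editor', 'constructed-demo-password'),
    'after login'    => current_admin($db),
];
var_export($results);
```

An admin page would call current_admin() first and send the login form instead of the page body whenever it returns null.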
     
Senior User
Join Date: Sep 2000
Location: Shallow Alto, CA
Jan 17, 2002, 07:41 PM
 
I'd just buy a good book and start from there. There are a million ways you can overlook security if you are new to PHP and mysql (I know I violated just about every rule when I finally got a book that pointed out things NOT to do).

I like this one.
http://www.amazon.com/exec/obidos/AS...712267-5246516
     
Mac Elite
Join Date: Mar 2001
Jan 20, 2002, 12:00 PM
 
Originally posted by Amorya:
It's the first database site I've ever done for a client.

Do they know this?

Why are you using a platform that you are unaware about the security issues involved?

I would sub-contract a web developer and have them build the back-end while you do the front-end (if that's your specialty). You don't want to get sued when someone tells them that they downloaded their entire database and now have emails, passwords, etc. And saying "I didn't know about that security hole" isn't going to help you.
     
Amorya  (op)
Mac Elite
Join Date: Mar 2001
Location: England
Jan 21, 2002, 03:12 PM
 
Originally posted by Raman:
Do they know this?

Why are you using a platform that you are unaware about the security issues involved?

I would sub-contract a web developer and have them build the back-end while you do the front-end (if that's your specialty). You don't want to get sued when someone tells them that they downloaded their entire database and now have emails, passwords, etc. And saying "I didn't know about that security hole" isn't going to help you.

They do know this.

I'm not going to get things wrong, that's why I'm asking around now for help

I've done database sites before, just not for money. So I'm not a total novice

Amorya
     
   