Site Security ?

April 2nd, 2006 by Quatrux

Every Site wants to be secure ? right ? Well, I think I have overdone, but I feel alright now, I totally rewrote my Quatrux theSite CMS and now it is very secure, in fact I can run several sites on it in different directories.. cool isn’t it ? there are library files which is always used, they are placed in a non public directory, I mean /home/user/private/theSite-library/ which are included with php include function. No one can access that directory except for the owner of the files, ftp user and I made a quite cool chmod for it.

The site runs on one index.php file which has several lines to define stuff, and some files in /dir/ directory which is protected by password using .htaccess so no one can access it except for php, perl etc. all the passwords in settings file are hashed using random hasher numbers and I just check the value and never can know it, but for mysql passwords I made it like this ? decrypt($settings['mysql']['password']); and it returns the value, this function is my own written custom function. The other files is just the template for the site. :)

I made two mysql users for my database, one which is selected when you’re browsing the site, his privileges is only to use SELECT and another who is selected while browsing the Panel, it can SELECT, UPDATE and INSERT and nothing more, my database is frequently backed up automatically if something was changed in the panel. :D

The PHP scripts are written nicely and does not throw any errors, I have changed to xHTML 1.0 Transitional and it is Valid, same as CSS. In Fact I am waiting for CSS 3 version :D and with time I will integrate AJAX on my Panel for easy usage, I have learned javascript, now only need practice. ;)

Posted in MySQL, PHP, Webmastering | No Comments »

Leave a Comment



Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment and don't be afraid of the spam protection!