Author Topic: website security  (Read 1401 times)
kalos
« on: February 15, 2012, 03:00:03 PM »

hello!

I am thinking of building a part of a website where clients will log in to view some info about their accounts, etc., although I have no web building experience at all

I am willing to learn, but what bothers me is that website security looks hard to achieve, since I see all those major websites being hacked, etc.

so, there is no simple and totally secure way to achieve this?

thanks!
Stephen66515
« Reply #1 on: February 15, 2012, 03:05:20 PM »

Nothing is ever 100% secure.

The basic rule of thumb is...if it's online...people can access it.

Best not to think too much about it...but also best to write some pretty long privacy policies and disclaimers to avoid any possible legal actions from break-ins.


No trees were harmed during the creation of this message.  Millions of electrons, however, were terribly inconvenienced

"Think left and think right and think low and think high. Oh, the things you can think up if only you try!" - Dr. Seuss


kalos
« Reply #2 on: February 15, 2012, 03:11:36 PM »

any other method to make info for each client available to him on request?

for example, automated email replies containing the requested info, when I receive their email messages?

any other idea?
40hz
« Reply #3 on: February 15, 2012, 03:17:54 PM »

Quote from: kalos
> hello!
>
> I am thinking of building a part of a website where clients will log in to view some info about their accounts, etc., although I have no web building experience at all
>
> I am willing to learn, but what bothers me is that website security looks hard to achieve, since I see all those major websites being hacked, etc.
>
> so, there is no simple and totally secure way to achieve this?
>
> thanks!

In a nutshell? No. There isn't.

With all due respect, web and network security is not something you can just casually get into as an amateur (or student) and expect to be able to thwart professional hackers and other cyber-criminals. With some education and experience you could probably stop most script-kiddies and other amateur hackers. But you don't stand a chance against the real baddies - most of whom have extensive technical education and experience to fall back on.

Security is such a rapidly changing and challenging field that even network professionals frequently farm out some or all of their network security requirements to specialists.

Wish it were otherwise, but that's the basic reality of the connected world we live in.

Don't you see? It's turtles all the way down!
mouser
« Reply #4 on: February 15, 2012, 03:21:44 PM »

Stephen and 40hz are right -- there is no 100% guaranteed security.  And 40hz's advice is on the money -- if this is really sensitive information -- it's just not something that you or even a normal web host/admin is qualified to deal with.

I think the first question you have to answer is how sensitive is this information -- how much fallout would there be if someone did get access to the info?  How desirable is the information to an attacker?
40hz
« Reply #5 on: February 15, 2012, 03:23:12 PM »

Quote from: kalos
> any other method to make info for each client available to him on request?
>
> for example, automated email replies containing the requested info, when I receive their email messages?
>
> any other idea?

You could do that. But it would probably be a good idea to encrypt those emails since they can also be intercepted or gotten off your client's machines.

Then there's the issue of how to be very sure the request is only coming from the person the information belongs to. End-users are notoriously lax when it comes to picking good passwords for their accounts so passwords don't provide enough security by themselves.

40hz
« Reply #6 on: February 15, 2012, 03:41:42 PM »

Just an addendum: depending on where you plan on doing this, and what business you're in, there may be legal requirements governing data transmissions like yours. I work with clients in the home mortgage industry. Both the federal and state government regulatory agencies have extensive guidelines and requirements for the type of data mortgage lenders are allowed to transmit and how it is to be transmitted. Failure to comply with these regulations can result in fines and imprisonment.

So (in keeping with what mouser said earlier about sensitivity and fallout) something you absolutely need to find out is whether there are things you're legally obligated to do if you're going to be sending out what you're planning. Just from working with my clients I was amazed at the number of things they're required to do if they need to send an email containing somebody's personal information. (Hint: authorization from the client, message encryption, allowed transmission methodologies, message retention, secure message archiving, security breach reporting, rules governing client advisement in the event of a breach or other loss of data...it just goes on and on.)
kalos
« Reply #7 on: February 15, 2012, 03:58:10 PM »

Well, it's neither that crucial, nor desirable, it's biochemical data for patients
40hz
« Reply #8 on: February 15, 2012, 04:58:34 PM »

Quote from: kalos
> Well, it's neither that crucial, nor desirable, it's biochemical data for patients

In the USA that information probably falls under HIPAA privacy and security rules if the information relates to specific individuals and the information was obtained through some sort of medical examination or testing procedure.
Stephen66515
« Reply #9 on: February 15, 2012, 05:12:33 PM »

I'm pretty sure it would be covered under similar terms in most Western Countries also...seems like something that should be as private as possible, especially if data can be linked to specific people.
40hz
« Reply #10 on: February 15, 2012, 05:13:51 PM »

^Hey look! Stephen's got a new AVATAR!!!