What is the best way to separate between public and private webpages when creating a website? I'm thinking the public part is what everyone sees when entering the site. The access to the secure part will be done by login and then access will be granted to the secure part. In the secure part there should be the ability to look at data stored on a SQL db; depending on level of access the page should give access to different data. When logged into the secure part there should be forms that can be used to update records on the SQL db. What are the issues with creating this? Should it be a second subdomain for the secure part? I'm new to this webdesigning / securing so bear with me if I'm asking questions in areas that should be obvious to a pro! Nils
It doesn't have to be a new subdomain. There shouldn't be any issues if it's set up properly. You can find a login script on hotscripts.com. You can put the secure part in a different subdomain so it's not so obvious where it is, and if you really want it secure you can use SSL.
You could also use HTTP authentication. With that you can LOCK certain folders, so if you have a public site at http://forums.xisto.com/no_longer_exists/
you can LOCK http://forums.xisto.com/no_longer_exists/, and put your stuff there, so if someone wants to access the member area, they must enter login credentials. The nice part comes now: it's integrated in the Apache Server, so it's very simple to set up. Try finding a tutorial for it, if you can't find one.
The advantage is that the chances of being exploited due to poor PHP scripts or login screens aren't there.
With simple PHP session authentication or cookies, you have a page where you log in and where you set the $session_var or the cookies; then in each protected page you check that the user has the permission and allow him to see the page.
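The per-page check described in the post above, extended to the access levels asked about in the first post, as an added example that is not part of the original thread. The file names, session keys, level constants and function names are assumptions, and the cookie settings assume the site is served over HTTPS with PHP 7.3 or later.

```php
<?php
// auth.php: added example, included at the top of every protected page.
// Assumed names (not from the thread): login.php, the session keys
// 'user_id' and 'level', the two numeric levels, and all function names.
declare(strict_types=1);

const LEVEL_VIEWER = 1;   // may read records
const LEVEL_EDITOR = 2;   // may also submit update forms

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'secure'   => true,    // cookie is only sent over HTTPS
        'httponly' => true,    // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Pure decision: does this session data meet the required level?
function session_has_level(array $session, int $required): bool
{
    return isset($session['user_id'], $session['level'])
        && is_int($session['level'])
        && $session['level'] >= $required;
}

// Call before any output on a protected page.
function require_level(int $required): void
{
    start_secure_session();
    if (!isset($_SESSION['user_id'])) {
        header('Location: /login.php');   // not logged in
        exit;
    }
    if (!session_has_level($_SESSION, $required)) {
        http_response_code(403);          // logged in, level too low
        exit('Forbidden');
    }
}

// login.php, after password_verify() succeeds (assumed $row from the users table):
//   session_regenerate_id(true);   // new session id, defeats fixation
//   $_SESSION['user_id'] = (int) $row['id'];
//   $_SESSION['level']   = (int) $row['level'];
// Protected page:
//   require __DIR__ . '/auth.php'; require_level(LEVEL_EDITOR);
```

The level is read from the server-side session on every request, so a page that handles an update form must call `require_level()` itself rather than rely on the link to it being hidden.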
Web servers have protected and public areas without you having to create them. The best way that content is protected is to create a virtual site for public viewing. This is if you are setting up the server yourself. This virtual site has a unique name that does not reflect the true name of your folders or storage space. Most commercial sites name their virtual folder “public html” and the actual website name is virtual. Take for example on a unix server the “cgi-bin” folder is protected by setting a “read, write, view” access called a “change access permissions” (chmod) access. This folder is for running perl cgi scripts that need to be protected. You can also create folders and protect them with “htaccess” protection. I could go on and on with this topic but the information is out there, tons of it. This should give you a heads up. Find out more about “htaccess”; it has tons of features.
Rudy, thank you. I'm using sco*nix server at work, I just have to look up commands etc. chmod and chown commands I know fairly well from setting up users. I have to look up the 'htaccess' command and see if I can't figure it out :) The private part will be by username password only so that is where I have to read up. I'm looking to setup the public part for all visitors and a private part by login only so the virtual public viewing is another thing to look up. Nils
Use a subdomain or not? I think, if the "private" content is a very BIG/IMPORTANT topic, then you might consider using a subdomain. Otherwise, I think it is better to use a secured directory.
Want to have authentication? When I was browsing, I found this Apache module;
It is really useful stuff. Storing username and password in MySQL. You don't need to alter any group/user/password files. You just have to update the user database only.
.htaccess is the way to go, as PHP is overcomeable. I like PHP though, pretty log on interfaces. Hotscripts is the way to go.
I am using JavaScript to create a login page; I'm just telling my friends the password. HEHEE
Many webhosts give you, in cPanel or the thing they use, a way to create a password protected folder where you put the private website. Then you could have a button on your public page which is a link to the private one. Then when the person wants to visit it he will get a popup which asks him for a username and password. And you could have more accounts. After that you could buy a solution from a company if you are afraid of a person who has told other people about his account pass and name.