Deploying a site out in the WWW

Kevin Lawrence

Hi all

I was wondering if there were any guidelines to follow before publishing
a site out in the www.

I'm most concerned about security, I can ensure the data is secure over HTTPS
and I can ensure no-one views information that they shouldn't be.

But what about things like using querystrings etc? Is it a good idea to rely
too much on querystring usage, will people try and hack the site? Will they
try and access things they shouldn't be? That sort of thing.

Is there anything I should be careful about when releasing a site?

Thanks
Kev
 
KMA

Depends a bit upon what data is on the site.

If it's a banking site then there will be differing security requirements
than for a site which shows on line chocolate cookie recipes.

Ask yourself: "what's the worst that can happen?"

Someone deletes your data? So make a timed backup now and then.

Someone posts profanity? So swear back at them and make sure you get your
insult in first.

As for query string manipulation, I often use it for checking share prices
or querying the product database for sites that would otherwise have me
clicking back and forth. Nothing malicious about that, I think.
 
Kevin Lawrence

> Depends a bit upon what data is on the site.
> If it's a banking site then there will be differing security
> requirements than for a site which shows on line chocolate cookie
> recipes.
>
> Ask yourself: "what's the worst that can happen?"

This is really what I need to know - it's a site that provides a service,
people have to pay for a full subscription but it doesn't contain seriously
confidential data, I suppose my fear is that someone gets hold of someone's
address or something for a particular reason - you know what some psychos
are like out there - but is that my concern?

What has been the worst that HAS happened?

Kev
 
KMA

Aha, some more details.

I guess if you're storing personal information then you have a duty of care
to the individuals to which it relates. Depending on where you live you
might also have a legal obligation. Obviously unencrypted query strings
would not be appropriate - you don't want someone to guess that CustID=1234
might mean that there are customers 1233 and 1235 too.

Lock down particular folders to prevent listing by a browser.

Implement a secure data access layer.

If you find a site with a comprehensive list, post it here as it would
certainly be a useful link.
 
Kevin Lawrence

> Aha, some more details.
> I guess if you're storing personal information then you have a duty of
> care to the individuals to which it relates. Depending on where you
> live you might also have a legal obligation. Obviously unencrypted
> query strings would not be appropriate - you don't want someone to
> guess that CustID=1234 might mean that there are customers 1233 and
> 1235 too.
>
> Lock down particular folders to prevent listing by a browser.

Ok, thanks.

> Implement a secure data access layer.

I've ensured the data is accessible only by the owner of the data, we are
using GUIDs as well for the ids so no-one is going to be able to guess a
guid (unless they're really lucky!) - either way they will be turned down
flat if they don't own the data, I can't think of any more to do, I always assumed
the only way someone could hack into your site was via query-strings.

> If you find a site with a comprehensive list, post it here as it
> would certainly be a useful link.

Will do, thanks for your help.

Kev
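
The check discussed in the posts above (CustID=1234 versus GUID ids, and being "turned down flat" without ownership), written out as an added example that is not code from the thread or from any poster. The class and method names and the in-memory store are hypothetical; the point is that the id comes from the query string while the owner comes from the authenticated session, and every failure looks the same to the caller.

```csharp
using System;
using System.Collections.Generic;

public sealed class CustomerRecord
{
    public Guid Id;
    public string OwnerUserName;
    public string Address;
}

public static class CustomerAccess
{
    // Constructed in-memory store standing in for the database (hypothetical).
    static readonly Dictionary<Guid, CustomerRecord> Store =
        new Dictionary<Guid, CustomerRecord>();

    public static Guid Add(string owner, string address)
    {
        var rec = new CustomerRecord { Id = Guid.NewGuid(), OwnerUserName = owner, Address = address };
        Store[rec.Id] = rec;
        return rec.Id;
    }

    // rawId is the untrusted query-string value; currentUser must come from
    // the authenticated session, never from a request parameter.
    // Returns null for every failure so the page can answer with one
    // identical "not found" response and not reveal which ids exist.
    public static CustomerRecord GetForUser(string rawId, string currentUser)
    {
        Guid id;
        if (!Guid.TryParse(rawId, out id)) return null;      // malformed id
        CustomerRecord rec;
        if (!Store.TryGetValue(id, out rec)) return null;    // no such record
        if (!string.Equals(rec.OwnerUserName, currentUser, StringComparison.Ordinal))
            return null;                                     // exists, but belongs to someone else
        return rec;
    }
}

public static class Program
{
    public static void Main()
    {
        Guid alicesId = CustomerAccess.Add("alice", "1 Example Street"); // constructed sample data
        Console.WriteLine(CustomerAccess.GetForUser(alicesId.ToString(), "alice") != null);   // owner
        Console.WriteLine(CustomerAccess.GetForUser(alicesId.ToString(), "mallory") != null); // other user, valid id
        Console.WriteLine(CustomerAccess.GetForUser("1234", "alice") != null);                // not a GUID
    }
}
```

The second call is the case that matters: a valid id in the wrong hands, as when a URL is shared, logged or left in browser history, still returns nothing because the ownership comparison does not depend on the id being secret.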
 
Kevin Lawrence

> Use cryptography functions to encrypt and decrypt data in the
> querystring. This is what I use:
>
> http://www.willasrari.com/blog/index.php/2006/01/17/csharp-cryptostream-encrypt-decrypt-database-passwords/
>
> I originally used that tutorial to encrypt the password to store in a
> database. You can just as easily edit it to encrypt/decrypt the
> querystring, username, id, etc...
>
> It's in C# but converting to VB.NET shouldn't be too difficult.

Thanks, I'm using c# so that's fine.

Kev
 
