Find the answer to your Linux question:
Results 1 to 6 of 6
I have been asked by a friend to make a database for them, but i was thinking about the best method of creating a frontend for it. The database needs ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Guru sdousley's Avatar
    Join Date
    Feb 2004
    Posts
    1,790

    SSL & PHP or JAVA


    I have been asked by a friend to make a database for them, but i was thinking about the best method of creating a frontend for it. The database needs to be scaleable, and easily accessible, at first i thought about a MySQL database with a PHP frontend. This was until a friend told me that JAVA would provide more security. security is important as it will be implemented into a school, to store marks etc. Now JAVA may provide more security than PHP but if i used the php over an SSL link would this be secure enough? I would obviously implement a login system so only people with correct access should be able to access it, but others may be able to view the data across the connection. which would be better for this?

    Any views welcome.

    Cheers in advance.
    "I am not an alcoholic, alcoholics go to meetings"
    Registered Linux user = #372327

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    If you have security concerns in the front-end at all, you probably have the wrong architectural idea to begin with anyway.

    In my opinion, the back-end should be secure enough in itself to not having to worry about the front-end, except of course if it's about people being able to listen to network traffic, but if that's the concern, then, yes, SSL would certainly solve that.

    For example, if you implement the security and logons directly in MySQL, then the PHP front-end wouldn't even have to concern itself with security, after all. It would just be an interface.

  3. #3
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    answers

    Yes mysql will be ok with php and ssl.

    set up an apache server and with mysql. set decent usernames and passwords for mysql then diable the network listener on mysql.

    activate ssl. set up a firewall to block all network access but ssl. (ftp won't work so you'll have to transfer on a floppy or something).

    then use mod_auth_mysql with apache to provide basic authentication but over ssl.

    php will do the rest.

    It is quite difficult to implement custom security code across an entire system - you always end up forgetting something or people don;t log out so the cookies are still there etc.

    Good luck

    Kris
    No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

  4. #4
    Linux Guru sdousley's Avatar
    Join Date
    Feb 2004
    Posts
    1,790
    This sesms to convince me about the security a bit, but with the source code being on the server, there will be some sort of connection details for the MySQL database in this source code. Is there anyway of connecting to the database, but locking down the relevant database until a successful login? This is because the database will be used to store grades etc, and will eventually be accesible over the internet. obviously you don't want ANYONE and EVERYONE getting access to grades etc.

    Thanks for the help so far, but if anyone could shed some light on this, would be great.
    "I am not an alcoholic, alcoholics go to meetings"
    Registered Linux user = #372327

  5. #5
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    source

    yes the username / password for mysql is stored in the code. but if there are no crappy weak logins on the server then no one can see the code. php is interpretted on the web server and only static html is transmitted to the client. there is no way anyone can see the un or pwds from that code.

    also, we are not talking about bank details here. we are talking about school grades.
    if a kid wants to know stuff badly enough, they'll walk into the server room and nick the entire box.
    No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

  6. #6
    Linux Guru sdousley's Avatar
    Join Date
    Feb 2004
    Posts
    1,790
    yeh, i guess that's a fair enough point, but then if a parent was to c that their child was performing averagely compared to the rest of the class, they may go on an unnecesary rant and rave as to why their child is 'underperforming'. But nevermind.

    I have a mate who sez SLOX 4 schools exists, so may solve the prob.
    "I am not an alcoholic, alcoholics go to meetings"
    Registered Linux user = #372327

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •