[thelist] making site content secure as possible

Chris at globet.com Chris at globet.com
Fri Jan 13 10:22:30 CST 2006



> What I need is good advice or please point me in the right 
> direction of what terms I should be searching for on google. 

* Cross site scripting
* SQL Injection
* Authentication


> My client asks about encrypting his content, it would be text 
> and PDF files. Is that an option? How exactly would 
> encrypting text prevent people who are not supposed to see it 
> from viewing it?

You could encrypt the files, but then you would have to allow authorised
people to decrypt them. It would be much easier to control access to the
file in the first place. I don't see that encryption would add any
security at all (I may be wrong) whilst adding an extra level of
complexity for users.

> Also on a related note, my client thinks that maybe some 
> members may share their user names and passwords with their 
> friends.

> Is it possible to track who logs in to the site and 
> from where? 

You can log which account logs in from which ip address.

> Would we be able to find out if member logins 
> were being passed around or not?

You can allow only one login from one account at one time. You can also
log any attempts to log into more than one browser simultaneously.

> Does anyone have any good strategies for preventing this kind 
> of thing or to make it more difficult?

I suppose that you could have a Java applet or ActiveX control that
delivers all of the textual content. This would not prohibit the user
from passing the information to third parties, but it could make it a
lot more difficult.


Chris Marsh
Web Developer
Tel: +44 20 8246 4804 Ext 828
Fax: +44 20 8246 4808

Any opinions expressed in this email are those of the individual and not
necessarily the Company. This message is intended for the use of the
individual or entity to which it is addressed and may contain
information that is confidential and privileged and exempt from
disclosure under applicable law. If the reader of this message is not
the intended recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please contact the
sender immediately and delete it from your system. 

More information about the thelist mailing list