Security Basics mailing list archives
Re: Deploying php/apache/mysql application for off-line usage.
From: Juan Pablo Macias <jpmacias () gmail com>
Date: Thu, 1 Oct 2009 14:36:05 -0500
Hi What do you mean by offline use? Single machine user? or do you mean it will be used only inside a specific network? If the user has root or equivalent access (either windows or linux) to the machine, or even physical access, he could try to mess with the data. If the application is on your machine, you don't need access to the php scripts, you could just try mysql, and try to brute force it. Maybe you need a different approach, but that's just my opinion. Juan Pablo 2009/10/1 Roger <rnodal () gmail com>:
Hello all, I need to deploy a php/apache/mysql application so that it can be used off-line while preventing data to be tempered with (unless the application has a flow that allows that to happen). In other words, my biggest concern is the protection of the database and php scripts from direct access so that the user cannot gain access to the database and modify the data. Here is what I have came up with so far: * Password protect the BIOS. * Disable booting from a CD. * Install a Linux distribution (Windows? No IT support if the OS is not Windows) and have an account without password(maybe with password) to have a very limited desktop with the only option being accessing the local web application. * No permission to access any files outside their home directory other than the necessary ones. Once again the main goal is to prevent the user to gain access to the scripts and the database and then having the ability to put anything in the database. Do you have any suggestions that could help? Anything would be welcomed. Thank you very much for your time, Roger ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
-- To follow the path, look to the master, follow the master, walk with the master, see through the master, become the master ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Deploying php/apache/mysql application for off-line usage. Roger (Oct 01)
- Re: Deploying php/apache/mysql application for off-line usage. Juan Pablo Macias (Oct 01)
- Re: Deploying php/apache/mysql application for off-line usage. Robin Wood (Oct 01)