Security Basics mailing list archives
Re: Deploying php/apache/mysql application for off-line usage.
From: Robin Wood <dninja () gmail com>
Date: Thu, 1 Oct 2009 22:28:25 +0100
2009/10/1 Roger <rnodal () gmail com>:
> Hello all,
>
> I need to deploy a php/apache/mysql application so that it can be used off-line while preventing data from being tampered with (unless the application has a flow that allows that to happen). In other words, my biggest concern is the protection of the database and php scripts from direct access so that the user cannot gain access to the database and modify the data.
>
> Here is what I have come up with so far:
>
> * Password protect the BIOS.
> * Disable booting from a CD.
> * Install a Linux distribution (Windows? No IT support if the OS is not Windows) and have an account without password (maybe with password) to have a very limited desktop with the only option being accessing the local web application.
> * No permission to access any files outside their home directory other than the necessary ones.
>
> Once again the main goal is to prevent the user from gaining access to the scripts and the database and then having the ability to put anything in the database.
>
> Do you have any suggestions that could help? Anything would be welcomed.
>
> Thank you very much for your time,

Why not look at the various types of kiosk software out there? Available for both Windows and Linux.

I only know them from the hacking point of view from research by Paul Craig (http://ikat.ha.cked.net/ - maybe not quite work safe image there) but he got hold of all versions.

Robin