Website Security and Mysql database security

  • Website Security and Mysql database security

    Dear Members,

    My name is Matt. I am in the process of having a company website built. Any recommendations for website security (authorization software?) or anything so we can track people trying to do fraudulent things on our site? Furthermore, how is the database security?

    We use godaddy.com for our domain and hosting service (are they pretty security stable?). Should we have other measures installed on our host server for extra security?

    It is on a Windows platform with ASP and ASP.NET, plus we are using MySQL for our database for user names and passwords and registration forms.

    How can I prevent pictures from being hotlinked? (I have a form of protection (right click disabled), but they can still copy the source code.) Do you know anything I can put in the HTML or ASP file to block source content?

    Matt
    Midwest Male Ltd
    chicago usa

  • #2
    Did you post this in /dev/null or was it moved here?
    Last edited by TheCotMan; August 17, 2005, 01:57.



    • #3
      Yeah, I posted it in the wrong area.


      Matt..



      • #4
        Relocated to "Got Questions."

        (/dev/null is a kind of "garbage can" and things get moved there if they violate rules or are off topic. Some people assume anything in /dev/null is there to be criticized.)

        Let's see what kinds of responses you get.

        I am not very strong with windows, but there are people here who are.



        • #5
          OK, got it: Dev/Null and Fucktard hall is the naughty corner for stupid people, okay.



          • #6
            Well, what kind of web site is it and what is being offered? Are you doing ECommerce? Do you have web applications running? PHP? ASP? These things all have security issues surrounding them. Rather than looking to secure the website, be looking into securing the supporting infrastructure of the website (PHP, ASP, SSL, etc) and the individual components of the website (shopping cart, web apps).

            As far as MySQL security goes, you'd be far better off getting a book on it. There's quite a bit to it.

            I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me



            • #7
              Originally posted by MidwestMale
              How can I prevent pictures from being hotlinked? (I have a form of protection (right click disabled), but they can still copy the source code.) Do you know anything I can put in the HTML or ASP file to block source content?
              this may come across as a rather harsh reply, so i apologize in advance for that...

              i (and a few others here who i can think of) may not want to help someone with a question like this since "preventing hotlinking of images" is, in the minds of a number of individuals, a stupid thing to try to accomplish. i can elaborate why...

              1. it contravenes the basic purpose and premise of the web. files are offered by a web server to whomever makes an appropriate GET request. receipt of files should not depend on other files pulled or referrer data.

              2. most of the "blocking" technologies rely on referrer information, which many power users, privacy advocates, etc block in their local proxies. (because of the fact that no web site deserves to know where you were coming from or where you're going next)

              3. if you don't want an image to be viewed by anyone and everyone through any means they wish, then maybe it shouldn't be on the web. (this is also a response to the "they're sapping my bandwidth" argument)

              4. any solution you employ will be mediocre at best... blocking only some hotlinkers while also confounding a whole array of legitimate users. (the same goes for the "disable right clicking" code... this doesn't block ANYONE who you are trying to stop, it only befuddles and irritates basic users. you think a single person on this forum would allow a remote site to dictate how their browser can operate or what their mouse is allowed to do?)

              sorry for the rant... but that's my $0.02. if you still want to pursue this inane venture, Mister Google has what you need.
              "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
              - Trent Reznor
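
The trade-off described in points 2 and 4 of the post above, as an added example that is not part of the original thread: a Referer-based hotlink check written in Python (the thread's site runs ASP; the logic carries over). The host names, the `allow_missing` switch and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hostnames allowed to embed our images (constructed sample values).
ALLOWED_HOSTS = {"www.example.com", "example.com"}


def referer_host(referer):
    """Return the lowercase hostname from a Referer header, or None if absent or unparseable."""
    if not referer:
        return None
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def hotlink_decision(referer, allow_missing=True):
    """Classify an image request as 'serve' or 'block' from its Referer header alone."""
    host = referer_host(referer)
    if host is None:
        # No usable Referer: privacy proxies, typed-in URLs, some mail clients.
        return "serve" if allow_missing else "block"
    # Exact host comparison; a substring test would accept example.com.other.test.
    return "serve" if host in ALLOWED_HOSTS else "block"


# Constructed sample requests: (description, Referer header value)
SAMPLES = [
    ("own gallery page", "https://www.example.com/gallery.asp"),
    ("third-party page embedding the image", "http://forum.other.test/thread/42"),
    ("look-alike host", "http://example.com.other.test/page"),
    ("visitor whose proxy strips Referer", None),
]


def evaluate(allow_missing):
    """Return {description: verdict} for every constructed sample request."""
    return {desc: hotlink_decision(ref, allow_missing) for desc, ref in SAMPLES}


if __name__ == "__main__":
    for mode in (True, False):
        print("allow_missing =", mode)
        for desc, verdict in evaluate(mode).items():
            print(f"  {verdict:5}  {desc}")
```

With `allow_missing=True` every request that carries no Referer is served, so the check only affects embedding seen by ordinary browsers; with `allow_missing=False` visitors who strip the header lose the images on the site's own pages.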



              • #8
                Originally posted by Deviant Ollam
                4. any solution you employ will be mediocre at best... blocking only some hotlinkers while also confounding a whole array of legitimate users. (the same goes for the "disable right clicking" code... this doesn't block ANYONE who you are trying to stop, it only befuddles and irritates basic users. you think a single person on this forum would allow a remote site to dictate how their browser can operate or what their mouse is allowed to do?
                I'm not sure who said this, but I'm almost 100% sure it came from these forums:

                "If I can see it, it's already mine."

                There is not much you can do to stop someone from doing a screen capture, so efforts in this area are futile.
                Jim

                Nothing to do, except hold on to nothing!!!



                • #9
                  Originally posted by alienSkull
                  There is not much you can do to stop someone from doing a screen capture, so efforts in this area are futile.
                  well, he didn't specify if his desire is to control ALL dissemination of the images or only to limit how viewing images impacts his bandwidth. most people who try these sort of shenanigans are trying to ensure that no users can ever view an image unless it's nestled into the larger context of the web page that the site owner created. (a similar argument is made with respect to deep-linking)

                  those who endeavor to enact hot-linking prevention and deep-linking prevention can go jump in a lake, since it's both futile and will piss off a ton of people... no amount of "benefit" gained from the practice can outweigh that fact, especially if you're selling something online. i for one will immediately refuse to purchase a single thing from a web site if it's the slightest bit difficult for me to use with my beefed up security/privacy/proxy settings. (if the site requires java, javascript, flash, or god-knows-what-else just to navigate pages, etc. then it's "thank you and goodnight" for me)



                  • #10
                    I would like to purchase your excellent security services. To allow me to transfer my money to your bank account, please provide your routing number and account number here. They're the numbers at the bottom of your checks. This will allow me to send you money cheaply.

                    I eagerly await your valued response.
                    --- The fuck? Have you ever BEEN to Defcon?



                    • #11
                      Kallahar, do you take checks drawn on Nigerian banks?



                      • #12
                        Dear Readers,

                        Well, thank you for your input. What I was trying to say was, since I have a modeling company, there will be photos in (smaller format), but I need it so they cannot copy them, since they will be in a photo album format for companies to buy website content. Since the models are under the 2257 regulations under federal law, we have to make sure some photos or videos are protected. I was not stating every single photo or, well, every single video, etc. My site will be an awesome site; we will have a lot of stuff people can download and do, but, well, there are just some areas that need tighter restrictions, is all.

                        Matt.



                        • #13
                          No, actually I value your input; that's why I asked questions.

                          Matt...


                          Originally posted by Deviant Ollam
                          this may come across as a rather harsh reply, so i apologize in advance for that...

                          i (and a few others here who i can think of) may not want to help someone with a question like this since "preventing hotlinking of images" is, in the minds of a number of individuals, a stupid thing to try to accomplish. i can elaborate why...

                          1. it contravenes the basic purpose and premise of the web. files are offered by a web server to whomever makes an appropriate GET request. receipt of files should not depend on other files pulled or referrer data.

                          2. most of the "blocking" technologies rely on referrer information, which many power users, privacy advocates, etc block in their local proxies. (because of the fact that no web site deserves to know where you were coming from or where you're going next)

                          3. if you don't want an image to be viewed by anyone and everyone through any means they wish, then maybe it shouldn't be on the web. (this is also a response to the "they're sapping my bandwidth" argument)

                          4. any solution you employ will be mediocre at best... blocking only some hotlinkers while also confounding a whole array of legitimate users. (the same goes for the "disable right clicking" code... this doesn't block ANYONE who you are trying to stop, it only befuddles and irritates basic users. you think a single person on this forum would allow a remote site to dictate how their browser can operate or what their mouse is allowed to do?)

                          sorry for the rant... but that's my $0.02. if you still want to pursue this inane venture, Mister Google has what you need.



                          • #14
                            Originally posted by MidwestMale
                            Dear Readers,

                            Well, thank you for your input. What I was trying to say was, since I have a modeling company, there will be photos in (smaller format), but I need it so they cannot copy them, since they will be in a photo album format for companies to buy website content. Since the models are under the 2257 regulations under federal law, we have to make sure some photos or videos are protected. I was not stating every single photo or, well, every single video, etc. My site will be an awesome site; we will have a lot of stuff people can download and do, but, well, there are just some areas that need tighter restrictions, is all.

                            Matt.

                            Real Models or Porn? Just Wondering..

                            If you have the photo in a lower-res format there are plenty of things you can do to try to stop the average user from taking those images. However, anyone who is even slightly above average (and the people you try to stop) will easily be able to grab the images.

                            I however must disagree with Deviant on the hotlinking issue. But not for the same reasons as you. If I post a file on my website, I get pissed when someone hotlinks it and tries to steal my bandwidth. If Bandwidth was free, maybe I wouldn't care, but it's not and I do.

                            Try looking at this forum and ask them, they will probably be of great help: http://www.webmasterworld.com/forum92/3270.htm



                            • #15
                              Well, there's a number of things you can do. With JavaScript you can disable the right-click 'Save this Image as' option. However, that will only stop the weak and the stupid. Using things such as ASP and PHP (not sure what your backend is) you can dynamically create pages and make it much harder for remote browsers to find your images. Also, good file permissions on your image directories is a major issue. A lot of porn sites (nothing derogatory here, but that's what it sounds like you run..and a good chunk of the forum users are large consumers of said material) don't lock the access to their directories in such a way that only the web server or backend server can access them. That's how you end up being able to do a "index of" /donkeyfucking in google and find top level directories full of pics for the taking.

                              The porn sites out there that have 'made it' and are established have become masters in blocking/restricting this sort of thing. If, for example, everyone discovers some new google functionality that lets them see free porn, watch how within a few days half the sites are no longer accessible. I'm sure there's some sort of group/affiliation for Adult Site Webmasters/Architects/Content Builders that covers this kind of stuff, after all it's a problem any good porn site faces.

                              I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me
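
One way to have the backend, rather than a browsable directory, hand out images, as post #15 suggests; this is an added example, not code from the thread, and it goes beyond the post by using signed, expiring links, a technique the thread does not name. It is written in Python for brevity (the thread's site runs ASP), and the secret, token format, file names and timestamps are all constructed assumptions.

```python
import hashlib
import hmac
import os
import tempfile

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients


def sign(name, expires):
    """HMAC over the image name and expiry time (hypothetical token format)."""
    return hmac.new(SECRET, f"{name}|{expires}".encode(), hashlib.sha256).hexdigest()


def resolve_image(image_dir, name, expires, sig, now):
    """Return the path to stream, or None if the request must be refused."""
    if not hmac.compare_digest(sign(name, expires).encode(), sig.encode()):
        return None  # link was not issued by our own pages
    if now > expires:
        return None  # link is stale, e.g. copied into another site earlier
    base = os.path.realpath(image_dir)
    path = os.path.realpath(os.path.join(base, name))
    # Confine the lookup to image_dir even if a signed name contains "..".
    if os.path.commonpath([base, path]) != base or not os.path.isfile(path):
        return None
    return path


def demo():
    """Run four constructed requests against a temporary image directory."""
    with tempfile.TemporaryDirectory() as image_dir:
        with open(os.path.join(image_dir, "set01.jpg"), "wb") as fh:
            fh.write(b"constructed image bytes")
        exp = 1300  # link issued at t=1000 with a 300-second lifetime
        good = sign("set01.jpg", exp)

        def served(name, sig, now):
            return resolve_image(image_dir, name, exp, sig, now) is not None

        return {
            "fresh link": served("set01.jpg", good, 1100),
            "expired link": served("set01.jpg", good, 2000),
            "signature reused for another file": served("set02.jpg", good, 1100),
            "name escaping the directory": served("../set01.jpg", sign("../set01.jpg", exp), 1100),
        }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{'serve' if ok else 'refuse':6}  {case}")
```

The image directory is assumed to sit outside the web root with directory listing off, so the handler is the only route to the files; the check does not depend on the Referer header.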

