Topic awaiting preservation: Secure information pass (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=28355" title="Pages that link to Topic awaiting preservation: Secure information pass (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Secure information pass <span class="small">(Page 1 of 1)</span>\$

redroy Paranoid (IV) Inmate From: 1393 Insane since: Dec 2003	posted 08-22-2006 22:56 I've got a project coming up where I am going to need to pass secure information (SSL, POST) to my client. I've delt plenty with php mail forms (not secure) and commerce (secure) passing to some merchant with a secure connection. But I've never been faced with sensitive information that just needs to be accessable to the client. I was thinking of getting a php to pdf converter like http://www.fpdf.org/ and just password protecting where they are saved on the server... though that doesn't seem the best way...? Should I store it in a database? What ways do you use?
hyperbole Paranoid (IV) Inmate From: Madison, Indiana Insane since: Aug 2000	posted 08-23-2006 17:25 Just to clear a few things up: From what you wrote, I assume you will have an area of the site that is only accessible by entering the correct password. You will accomplish this using .htpassword. When the user enters this secure area of the server, all access will be accomplished with SSL. You will store the sensitive information in .pdf files in this area. (You may want to also password protect each .pdf file so that the users of the data will have some security once they have copied the files to the client side, however, this doesn't really provide very good security without the other measures being in place. Also the client needs to be aware that once they have copied the data to their machine, they have created a security risk in your system.) If this is what you are thinking of doing if is probably as secure as you can get while allowing http access to the data. It is not necessary to store the information in a database. That doesn't add any level of security to the data. How sensitive is the data you are storing? If it is really super sensitive, you might want to consider allowing access to it with secure ftp or scp instead of https, although, I'm not sure that either one of those adds any more security than https. You may also want to encrypt the files using PGP or GPG or some other equally secure encryption method, and only allow access by recognized users. . -- not necessarily stoned... just beautiful.
H][RO Paranoid (IV) Inmate From: Australia Insane since: Oct 2002	posted 08-24-2006 15:03 Storing it in the database isn't any more secure, but it isn't any less secure. I would use a database for a password system rather than .htacces, it will be more flexible. Then just use https to connect where they login and if they login they can view your secure pages. There are many ways to do this, you could store the files be they pdf's html or whatever below your root, or above your root and just block access to them with .htaccess. Then serve up the files they are allowed to use. Im guessing its not super secure data, https and a secure login is as good as you will get. You can bet their PC's probably wont be very secure which there is nothing you can do about. If you need more security then you have to take it offline :P. So just setup a quick database, whack down some quick php code and your done!

Topic awaiting preservation: Secure information pass (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=28355" title="Pages that link to Topic awaiting preservation: Secure information pass (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Secure information pass <span class="small">(Page 1 of 1)</span>\$

redroy
Paranoid (IV) Inmate

From: 1393
Insane since: Dec 2003

posted 08-22-2006 22:56

I've got a project coming up where I am going to need to pass secure information (SSL, POST) to my client. I've delt plenty with php mail forms (not secure) and commerce (secure) passing to some merchant with a secure connection. But I've never been faced with sensitive information that just needs to be accessable to the client. I was thinking of getting a php to pdf converter like http://www.fpdf.org/ and just password protecting where they are saved on the server... though that doesn't seem the best way...? Should I store it in a database? What ways do you use?

hyperbole
Paranoid (IV) Inmate

From: Madison, Indiana
Insane since: Aug 2000

posted 08-23-2006 17:25

Just to clear a few things up:

From what you wrote, I assume you will have an area of the site that is only accessible by entering the correct password. You will accomplish this using .htpassword. When the user enters this secure area of the server, all access will be accomplished with SSL. You will store the sensitive information in *.pdf files in this area. (You may want to also password protect each *.pdf file so that the users of the data will have some security once they have copied the files to the client side, however, this doesn't really provide very good security without the other measures being in place. Also the client needs to be aware that once they have copied the data to their machine, they have created a security risk in your system.)

If this is what you are thinking of doing if is probably as secure as you can get while allowing http access to the data.

It is not necessary to store the information in a database. That doesn't add any level of security to the data.

How sensitive is the data you are storing? If it is really super sensitive, you might want to consider allowing access to it with secure ftp or scp instead of https, although, I'm not sure that either one of those adds any more security than https. You may also want to encrypt the files using PGP or GPG or some other equally secure encryption method, and only allow access by recognized users.

.

-- not necessarily stoned... just beautiful.

H][RO
Paranoid (IV) Inmate

From: Australia
Insane since: Oct 2002

posted 08-24-2006 15:03

Storing it in the database isn't any more secure, but it isn't any less secure.

I would use a database for a password system rather than .htacces, it will be more flexible. Then just use https to connect where they login and if they login they can view your secure pages.

There are many ways to do this, you could store the files be they pdf's html or whatever below your root, or above your root and just block access to them with .htaccess. Then serve up the files they are allowed to use.

Im guessing its not super secure data, https and a secure login is as good as you will get. You can bet their PC's probably wont be very secure which there is nothing you can do about. If you need more security then you have to take it offline :P.

So just setup a quick database, whack down some quick php code and your done!