473,226 Members | 1,391 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,226 software developers and data experts.

status on Homepage

hi ng.

I want to integrate a status on my (business) Homepage

It should look like:

Right now we're in the shop
... are closed.

(.. we have different working hours between saison)
the status is in a text-file status.txt
1 or 0

I will change the status like:
http://www..../status/changestatus.php?on
http://www..../status/changestatus.php?off

is there a security-issue because i have to set the status file writeable

how can i prevent someone else changing it
thanks

Armin Horner
Nov 30 '07 #1
6 1390
I will change the status like:
http://www..../status/changestatus.php?on
http://www..../status/changestatus.php?off

is there a security-issue because i have to set the status file writeable

how can i prevent someone else changing it
By password-protecting the status directory, if if not also used to
query the status. You usually do this in the webserver.

Best regards,
--
Willem Bogaerts

Application smith
Kratz B.V.
http://www.kratz.nl/
Nov 30 '07 #2
I want to integrate a status on my (business) Homepage
Then - honestly - you should consider giving this task to someone who knows
what he does.
Nov 30 '07 #3
Armin Horner wrote:
hi ng.

I want to integrate a status on my (business) Homepage

It should look like:

Right now we're in the shop
.. are closed.

(.. we have different working hours between saison)
the status is in a text-file status.txt
1 or 0

I will change the status like:
http://www..../status/changestatus.php?on
http://www..../status/changestatus.php?off

is there a security-issue because i have to set the status file
writeable

how can i prevent someone else changing it
First of all, make sure the status.txt file is in a directory that's
inaccessible from the web (ie. only accessible via your scripts),
preferably one step below the webroot, although not required.

On all my PHP projects, I create a seperate directory called "inc" in
the webroot (or the root directory of my project). If Apache is used, I
place a .htaccess file containing the keyword "deny from all" in it.
Or, if IIS is used (which has happened on a rare occasion), I make sure
all outside access is denied for this directory from the IIS manager.
That way, I protect my code (as well as the base configuration) from
being exposed and/or accessed directly.

Second, make sure your changestatus.php script ONLY reacts to the "on"
or "off" keywords. Or any other keyword you'd like to use instead (such
as "open" or "closed").

Further, to avoid someone outside your organization from setting the
status (such as opening the URL and making it look like you're closed
when you're open for business or vice-versa), you should place this
script under some sort of password protection (either via your CMS or
via a simple basic authentication method).

--
Kim André Akerĝ
- ki******@NOSPAMbetadome.com
(remove NOSPAM to contact me directly)
Nov 30 '07 #4
Kim André Akerĝ schrieb:
>
First of all, make sure the status.txt file is in a directory that's
inaccessible from the web (ie. only accessible via your scripts),
preferably one step below the webroot, although not required.
... it is, ok.
>
On all my PHP projects, I create a seperate directory called "inc" in
the webroot (or the root directory of my project). If Apache is used, I
place a .htaccess file containing the keyword "deny from all" in it.
... i'll use htaccess
Or, if IIS is used (which has happened on a rare occasion), I make sure
all outside access is denied for this directory from the IIS manager.
That way, I protect my code (as well as the base configuration) from
being exposed and/or accessed directly.

Second, make sure your changestatus.php script ONLY reacts to the "on"
or "off" keywords. Or any other keyword you'd like to use instead (such
as "open" or "closed").

Further, to avoid someone outside your organization from setting the
status (such as opening the URL and making it look like you're closed
when you're open for business or vice-versa), you should place this
script under some sort of password protection (either via your CMS or
via a simple basic authentication method).
i'll protect it with a weird name and keywords so nobody switches on and
off.

thanks for help
(.. been a long time ago since i last used php so this is very helpful)

Armin
Nov 30 '07 #5
Armin Horner wrote:
Kim André Akerĝ schrieb:
>>
First of all, make sure the status.txt file is in a directory that's
inaccessible from the web (ie. only accessible via your scripts),
preferably one step below the webroot, although not required.
.. it is, ok.
>>
On all my PHP projects, I create a seperate directory called "inc" in
the webroot (or the root directory of my project). If Apache is used, I
place a .htaccess file containing the keyword "deny from all" in it.
.. i'll use htaccess
>Or, if IIS is used (which has happened on a rare occasion), I make sure
all outside access is denied for this directory from the IIS manager.
That way, I protect my code (as well as the base configuration) from
being exposed and/or accessed directly.

Second, make sure your changestatus.php script ONLY reacts to the "on"
or "off" keywords. Or any other keyword you'd like to use instead (such
as "open" or "closed").

Further, to avoid someone outside your organization from setting the
status (such as opening the URL and making it look like you're closed
when you're open for business or vice-versa), you should place this
script under some sort of password protection (either via your CMS or
via a simple basic authentication method).

i'll protect it with a weird name and keywords so nobody switches on and
off.

thanks for help
(.. been a long time ago since i last used php so this is very helpful)

Armin
Armin,

Don't. Obfustication is not security! It's only the illusion of security.

Follow the suggestions others gave you.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
=================
Nov 30 '07 #6
Jerry Stuckle schrieb:
>>
i'll protect it with a weird name and keywords so nobody switches on
and off.

thanks for help
(.. been a long time ago since i last used php so this is very helpful)

Armin

Armin,

Don't. Obfustication is not security! It's only the illusion of security.

Follow the suggestions others gave you.
your true!

i will use a password-form if it is a problem
(someone switches)

thanks

Armin
Dec 1 '07 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Mark Constant | last post by:
I was doing a test website where on one page somebody could select a Genre from a drop-down list and it would display every sub-listing under that specific Genre. If the user selected All it would...
1
by: rolear01 | last post by:
A php newbie with a problem! I have a form with a text area <form name=edit_front_page_form action="/test.php?page=front_page_updated" method=get> <p>Edit front page<br> <textarea cols=30...
2
by: arbpen | last post by:
I find it superfluous to have a 'Make Us Your Homepage' link/script, but there it is, I have boss who wants it. Anyway, this is the snippet that is throwing an error: <li style="border:0"><a...
3
by: bb nicole | last post by:
Below is my login function, it can work well, but after i include it at my homepage, the print message is in the login page... What should it do to make the print message invalid username or...
7
by: patelxxx | last post by:
Guy's, On my homepage website I want to display the current status of our server. The idea I have is to ping (or send my ip address) to our server every 5 mins and the result I get back should...
1
by: Macneed | last post by:
I want to write a code to determine the homepage content was change, but if the homepage is write by asp or something else, (e.g. livescore.com here) i can't get the real homepage content by the...
3
by: svjames | last post by:
heya guyzorz, just a quick q, for the life of me i cant find a way to obtain the value of a users browsers default homepage. Ive written a site that provides access to the internet on a certain...
2
by: pavi | last post by:
Anyone know how to set the Default homepage using javascript without prompting a pop up. Below is the code i used to set default home page. <a href="#"...
0
by: hani1987 | last post by:
hello I am a BE computer student and needed information for my BE project. The project is as follows We are developing a web application for a company. This involves setting up a wi-fi hotpot...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: veera ravala | last post by:
ServiceNow is a powerful cloud-based platform that offers a wide range of services to help organizations manage their workflows, operations, and IT services more efficiently. At its core, ServiceNow...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: mar23 | last post by:
Here's the situation. I have a form called frmDiceInventory with subform called subfrmDice. The subform's control source is linked to a query called qryDiceInventory. I've been trying to pick up the...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.