>>> 1) The site will have to take very high traffic and possibly thousands
>>> of transactions per hour
>>> -> Which is the best free db to use (I am guessing MySQL)
>>> -> Which is the best paid database (Other than MySQL)

transactions ???
Go for one which offers "commit/rollback" ...
===============

>>> 2) I store the db password and login info in a database.inc.php file. Is
>>> there any way I can prevent a person from getting the db pass even after
>>> he gets this file?

The only way (I think, maybe there are other ways to do it) is to set up two
servers (connected in a local network): one public and one private. Surely
the private server will have the databases. It will only be available in the
local network !!! Even if they get your "database.inc.php" they CANNOT have
your data from the DB.

For e.g. to connect to the DB (MySQL)
    mysql_connect("10.1.1.20", ...)
A private IP can be accessed locally... Well it really works.. I've done
something like this !!!
===============

>>> 3) Does anyone know a book that focuses on writing secure code.

Free issue of PHP|Arch magazine...
https://www.phparch.com/issuedata/2003/jan/
Gonna help you surely...
===============

>>> 4) What about Zend source safe. Is that recommended. How exactly does it
>>> work and what exactly does this do. Will it help to keep my
>>> database.inc.php file safe?

Surely Zend Encoder or TurckSoft or any other utility will do a great
favour.
Turck MMCache encodes a simple "echo phpinfo();" like this...
<?php return
mmcache_load('eJzz9XV2dPZwZWBkYABhJjDJAGaAgQ0zlMHAyMjMDqQKMgoy89Ly7VjAQoxQSW
erGM+81JKC0qSY8vLyovz8khhfX+fE5IzUGKAG3bTMnNTimMy8lNQKPSCfAQB+BRdH');
?>

Who's gonna decode this???
===============

>>> 5) How do I know the code that I am writing and my server is safe. Are
>>> there any services out there that would help me evaluate this.

At development stage put error_reporting = E_ALL;
Eliminate all notices, warnings, etc.
On live server error_reporting = ~E_ALL;  (don't forget '~' ... haha)
===============

Not only do you have to write secure code, but it will be the responsibility
of the network admin not to let anybody have access to your server (public
or private !!!) from outside... I remember when I first joined the company
I'm working at, my network admin accessed my PC from outside our network (he
gained access through the router or I don't know how... the Network Experts
will answer this well) he then asked me to patch everything, etc..

Any mistake in this post, plz correct me so that I can learn from it.
That's a very small help from me. Hope it helps.
GOOD LUCK

Nadim Attari
http://www.alienworkers.com



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
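
An added example, not part of the original post: one way to back up the private-database setup from answer 2 on the MySQL side, so that credentials copied from database.inc.php are rejected from any host other than the web server. The web server address 10.1.1.10, the schema name shop and the account name shop_app are constructed assumptions; 10.1.1.20 is the database address used in the post.

```sql
-- Constructed values (assumptions): web server 10.1.1.10, schema "shop",
-- account "shop_app". 10.1.1.20 is the database address from the post.
--
-- On the database host, my.cnf should bind MySQL to the private interface
-- only, so the listener is not exposed on any public address:
--   [mysqld]
--   bind-address = 10.1.1.20

-- 1. An account that is valid only when the connection originates from the
--    web server. The same user name and password presented from any other
--    host does not match this account and is refused.
CREATE USER 'shop_app'@'10.1.1.10'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- 2. Only the privileges the site needs, on its own schema only
--    (no FILE, SUPER, GRANT OPTION or access to other schemas).
GRANT SELECT, INSERT, UPDATE, DELETE
  ON shop.* TO 'shop_app'@'10.1.1.10';

-- 3. Audit: list accounts that accept connections from outside the
--    10.1.1.x network (for example host = '%'). Each row returned is an
--    account whose leaked password would be usable from elsewhere.
SELECT user, host
  FROM mysql.user
 WHERE host NOT LIKE '10.1.1.%'
   AND host NOT IN ('localhost', '127.0.0.1', '::1');

-- 4. Confirm what the application account is allowed to do.
SHOW GRANTS FOR 'shop_app'@'10.1.1.10';
```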
