Site Protection

[fawkes]

This question has been asked, and answered, in many guises throughout this site, across many forums. Unfortunately, many of the questions and many of the answers are based on a preconceptions.

I'm starting to build a web site, using Dreamweaver on my P.C.

I want this site to sit on a providers server and be secure, secure to the point that I can obtain indemnity insurance against the files falling into the worng hands.

I also want to allow a large number of users access to different parts of the site, specifically identifying which parts each user has access to and which they are denied from having access to. Users and user permissions could very easily change daily.

What I need to know before I get too far down the road, is what method of protection I employ. Do I have to accept that I will be limited to a single server system (Unix for example because the htaccess method people keep mentioning), will I limited to specific database formats, could I use a combination of java or VB and XML?

Starting from a blank canvas with the brief set out above, how best do I implement security?

 

[dwarfthrower]

Almost all major web server solutions will offer security in one way or another. Talk to a number of different hosting providers about the solutions they offer. Then pay someone who really knows what they're doing to implement the security policies for you. That's all details though.

What you need to do now is close Dreamweaver and start working on a comprehensive map of your site. A blueprint of what content will be available and to whom. When it comes to implementation time, every hour you spend now on planning will come back to you four-fold. You'll also need to start thinking about how you will identify various users, whether you will be accepting credit card payments for membership or goods.

A large scale commercial site is not really a job for one person with a PC and a copy of Dreamweaver. If you're the vision behind the site, you'll probably be best served to focus on what you do best - good ideas, and surround yourself with good people to do the technical stuff for you. You'll have to fork out the dollars, (pounds, euros... whatever) but that beats the heck out of seing your dream sink because it got too unweildy and crumpled in on itself for lack of proper planning and implementation.

[sub]Never be afraid to share your dreams with the world.
There's nothing the world loves more than the taste of really sweet dreams.[/sub]

 

[fawkes]

Thanks for the reply, the advice is certainly sound.

To give you some further information, and to lay you a little more at ease, I am at the preparation stage now and haven't started to write anything yet.

The idea is to use the providers facilities as storage, for the users to access files from anywhere in the world. It is nothing more than that at the moment, but the files could be commercially sensitive and so they would need to be protected and there would have to be some form of indemnity against disclosure to competitors.

It is unlikely that the start up costs could run to a full-on development from a professional organisation and that is why I'm asking the questions now. If it necessary that I need more professional input then I'll have to take a strategic rethink, but any information, even if its only a basic grounding in understanding security to web-based folders, would be extremely helpful.

 

[dwarfthrower]

Well the only back-end I'm qualified to give you real commercial advice in is IBM Lotus Domino. That's probably not much use to you. I'd talk to your provider. If they are of any sort of size they will already have a lot more knowledge about how to go about securing part of their system than anyone outside would. Start there. If you find you need more advice, get into contact with a security company or two... even a few initial meetings might leave you with some valuable pointers.

[sub]Never be afraid to share your dreams with the world.
There's nothing the world loves more than the taste of really sweet dreams.[/sub]

 

[fawkes]

ty