We have worked on a (Linux, Apache, MySQL, PHP and Java) project for several months. The project is now done and is in full usage (the program is distributed under the GPL License). But my client is worried about the security of the system.

(1) How can I test the security of the system?
(2) Is it true that knowing the domain name is a security breach?

Here is my client's email:

----------------

Hi All,

Kindly go through the following issue and suggest:

Currently students and staff can access SIS (Students Information System) from anywhere via the Internet - Thanks to Zalongwa Software. The database is hosted here at the OUT and Zalongwa Software is the main interface to access it. Critical information like examination scores and financial details are contained in the database.

For security reasons:

1. Exposing the server name (www.sis.out.ac.tz) is already a security breach - it attracts hackers to start accessing the server.
2. Data entry and modifications (deletions and updates) are the most sensitive operations and should be handled with care.

Comments:

1. We design another database (MySQL, call it newDB) and host it in a different server (not directly accessible to students and hackers via the Internet). This database will be used to store all the information, and sensitive reports like certificates and transcripts will be generated from this (newDB) database.
2. www.sis.out.ac.tz will be used as a data warehouse in which data will (automatically) be uploaded from time to time from the newDB.
3. Zalongwa software will be used for E-Learning, Communication, and other operations that will not directly alter any information in the core database (newDB). In other words:

(a) Lecturers will use Zalongwa to send assignments and other materials to students (currently, it performs this).
(b) Students will communicate with their lecturers and other staff as well as registering for courses, and other operations via Zalongwa.
(c) Students will view their progress reports via Zalongwa but their final certificates and other sensitive reports will be generated from the newDB.
(d) Zalongwa will not be used to enter or alter examination scores, fee payments, and other sensitive data.