Re: Security Breach?

Hello Juma,
Just saw the Zalongwa software. Is it PHP based now?
The one I am evaluating for our school is a desktop
based application. Can you please send me a link to a
PHP based solution?


Thanks

--- Juma Lungo <jlungo@xxxxxxxxx> wrote:

> We have worked on a (Linux, Apache, MySQL, PHP and Java) project
> for several months. The project now is done and is in full usage
> (the program is distributed under the GPL License). But my client
> is worried about the security of the system.
> (1) How can I test the security of the system?
> (2) Is it true that knowing the domain name is a security breach?
> 
> Here is my client's email:
> ----------------
> Hi All,
>  
> Kindly, go through the following issue and suggest:
>  
> Currently students and staff can access SIS (Students Information
> System) from anywhere via the Internet - Thanks to Zalongwa
> Software. The database is hosted here at the OUT and Zalongwa
> Software is the main interface to access it. Critical information
> like examination scores and financial details are contained in the
> database. For security reasons:
>  
> 1. Exposing the server name (www.sis.out.ac.tz) is already a
> security breach - it attracts hackers to start accessing the server.
> 2. Data entry and modifications (deletions and updates) are the
> most sensitive operations and should be handled with care.
>  
> Comments:
>  
> 1. We design another database (MySQL, call it newDB) and host it
> in a different server (not directly accessible to students and
> hackers via the Internet). This database will be used to store all
> the information, and sensitive reports like certificates and
> transcripts will be generated from this (newDB) database.
> 2. www.sis.out.ac.tz will be used as a data warehouse in which
> data will (automatically) be uploaded from time-to-time from the
> newDB.
> 3. Zalongwa software will be used for E-Learning, Communication,
> and other operations that will not directly alter any information
> in the core database (newDB). In other words:
> (a) Lecturers will use Zalongwa to send assignments and other
> materials to students (currently, it performs this).
> (b) Students will communicate with their lecturers and other staff
> as well as registering to courses, and other operations via
> Zalongwa.
> (c) Students will view their progress reports via Zalongwa but
> their final certificates and other sensitive reports will be
> generated from the newDB.
> (d) Zalongwa will not be used to enter or alter examination
> scores, fee payments, and other sensitive data.
> 



		