• 0

how to design a DB driven website


Question

Hello,

I need to make a website where users can register, log in, take some quizzes, see past results and post comments, and I need some advice on how to design the database for this.

I am very concerned about security: how should I implement user logins in the DB, and how should I store the comments?

Any help is appreciated.

Thank you.


5 answers to this question


  • 0

There are a couple of basic principles when it comes to web security:

1. Never trust any data that comes from the user. This includes data that you gave the user, data posted from forms, data retrieved from the URL, data from cookies, etc.

2. Expect someone to delete absolutely everything. So do regular backups. But not just that: make sure you have a recovery plan. It's pretty bad if someone takes down your website, but it's even worse if it takes you 48 hours to find and restore a backup. There's no way to create a 100% secure computer system, so don't give yourself the delusion that yours is unhackable.

The main security concern for a project like this is SQL injection. It's one of the most common types of attacks on web systems, but fortunately it's probably the easiest to defend against. Just validate all user input and you'll be OK. If you'll be using PHP, check out http://www.php.net/mysql_real_escape_string - that function will make any user-given data safe to store in or query a database by escaping any SQL characters. Also, any data that is given by the user and is displayed back to other users, such as comments, will need to be stripped of anything you don't want there. You probably don't want user A to post JavaScript code as a comment that'll be displayed to user B and steal his cookies! (Nobody wants their cookies stolen!) Similarly, you probably don't want them to be able to embed code that'll show user B an iframe of a website that's quietly installing all kinds of nasties on their computer. IIRC, Neowin had this attack successfully done to them a few years ago. http://www.php.net/htmlentities is a good PHP function that'll make HTML code safe to display (i.e., not executable).

There are hundreds of user login tutorials out on the web. I'm not going to write you another one here, so do some googling (:

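An added example, not part of the answer above, showing the two points it makes in PHP: escaping user input before it goes into a query (using mysqli_real_escape_string, the current form of the function linked above, with a prepared statement as the stronger alternative) and encoding comment text with htmlentities before it is shown to other users. It assumes hypothetical tables users(id, username, password_hash) and comments(id, user_id, body) and placeholder connection details.

```php
<?php
// Added example; table names and credentials are assumed placeholders.
$db = new mysqli('localhost', 'quizapp', 'placeholder-password', 'quizdb');
$db->set_charset('utf8mb4'); // escaping is only correct for the connection's charset

// --- Login: look the user up with a prepared statement and verify the hash ---
// The submitted username never becomes part of the SQL text, so a quote in it
// cannot change the statement. Passwords are stored as password_hash() output.
function findUserId(mysqli $db, string $username, string $password): ?int {
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row && password_verify($password, $row['password_hash'])) {
        return (int) $row['id'];
    }
    return null; // unknown user or wrong password: same answer for both
}

// --- Storing a comment ---
// Weak: concatenating the raw value. Even an honest body like "O'Brien's quiz"
// breaks the statement, and a crafted one can change its meaning.
//   $sql = "INSERT INTO comments (user_id, body) VALUES ($userId, '" . $_POST['body'] . "')";
// Escaped, as the answer suggests: SQL-special characters get a backslash.
function escapedInsertSql(mysqli $db, int $userId, string $body): string {
    $safeBody = mysqli_real_escape_string($db, $body);
    return "INSERT INTO comments (user_id, body) VALUES ($userId, '$safeBody')";
}
// Preferred: a prepared statement, where no escaping step can be forgotten.
function storeComment(mysqli $db, int $userId, string $body): bool {
    $stmt = $db->prepare('INSERT INTO comments (user_id, body) VALUES (?, ?)');
    $stmt->bind_param('is', $userId, $body);
    return $stmt->execute();
}

// --- Displaying comments ---
// Store the comment as the user typed it; encode on output. htmlentities() turns
// "<script>" into "&lt;script&gt;", so the browser renders it as text, not markup.
function renderComment(string $body): string {
    return '<p>' . htmlentities($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

$userId = findUserId($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
if ($userId !== null && isset($_POST['body'])) {
    storeComment($db, $userId, $_POST['body']);
}
$res = $db->query('SELECT body FROM comments ORDER BY id DESC LIMIT 20');
while ($row = $res->fetch_assoc()) {
    echo renderComment($row['body']);
}
```

The raw text is kept in the database and encoded only when rendered, so the same stored comment can later be shown in a different context (a JSON API, an email) with the encoding appropriate to that context.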

  • 0

I used to create my own sites and databases for user logins etc., but at the end of the day there is a lot of time and effort that goes into creating them. Creating such a site for clients can be time-consuming and may cost them a lot of money. Most of them always go for the cheaper option with the best results.

one word: Joomla

Joomla is a good CMS to use, it is not that hard to install, and I use it as well. The other option I can offer, which I also use, is WordPress. You will find a lot of plugins and widgets out there, which will enable you to create a site just as you want.

You can use Artisteer to create good looking templates for both Joomla and WordPress but I found it a bit limited with the designing part. I normally buy templates on the net and just install the ZIP files and voila. All you need to do is set up the structure of your site.

I use mindmap software to design the layout of my site, well the structure, and then set it up with Joomla or WordPress.
