|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 154
Members: 0
Total: 154
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Security hardening of PHP/MySQL script |
|
Posted: Tue Aug 30, 2005 12:02 pm |
|
|
schnibble |
Regular user |
|
|
Joined: Jul 07, 2004 |
Posts: 13 |
|
|
|
|
|
|
|
Need some advise so I am going straight to the problem.
I did one security hardening of PHP/MySQL site, after it was attacked. There were some obvious vulnerabilities as 'globals on' and unencrypted passwords in database. I fixed those, add few features, enhanced it a bit.
So, after that, one other owner of similar site, which uses same script, but heavily modified asked me if I would check his script. That owner has much more traffic and bigger income from the site.
After short examination, I found out pretty much the same things. So I plan to offer them at least encrypting the database, and few other things.
Now, my question is how much should I ask for?
I plan to offer them in parts, for example:
- administrator and users table encryption and according PHP modifications: $xxx.xx
- removal of risky/unnecessary/not protected data: $xxx.xx
and so on...
What else can I include? And how much could I ask for it?
In addition, if someone has some experience with those things, maybe he could tell me how to automate process of vulnerability searching. |
|
|
|
|
|
www.waraxe.us Forum Index -> Php
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|