Security

karlie Posts: 83 Questions: 17 Answers: 0

Sorry if this is a bit of a noob question. I always work with a CMS of some sort (mainly Magento and Wordpress) but for this project I don't really want to be constrained by a CMS. It will be very much a progressive work in progress, an ongoing project. It is a price list for internal use with around 25 columns and 45,000 rows of data. I tried the excellent wpdatatables in Wordpress, but it just had too many useful bits of Datatables missing, although the front end filters were amazing, even though they weren't free.

My question is (at last I hear you say!) how secure is the setup I have? I currently have all my datatable files inside a directory which is password protected in Cpanel. Is this enough and is that secure enough? (long-ish password, over 8 characters, which I believe makes it very difficult to brute force). Longer term I want to see what Laravel has to offer (I've never used it), and see about having everything Datatables related inside of that. I'm not currently storing any personal customer data in Datatables, but long term that is the plan, to have a pricing tool for staff use, a customer database, and a Magento integration using CRON for price updates (export data from datatables and import/update product prices in Magento, although that is about 12 months down the line once I've moved over to Magento 2).

Any help and advice gratefully accepted, I really want a secure and stable platform as it will be business critical.

Answers

  • kthorngren Posts: 20,144 Questions: 26 Answers: 4,736

    Maybe this page will answer most of your questions:
    https://datatables.net/manual/security

    Please post any specific questions after reading.

    Kevin

  • karlie Posts: 83 Questions: 17 Answers: 0

    Yes thanks, I had read that and plan to implement the helpful suggestions. It was more 'is having a password protected directory in Cpanel enough'? In terms of security I'm probably pretty green and naive so I don't want to compromise sensitive data.

  • allan Posts: 61,446 Questions: 1 Answers: 10,054 Site admin
    Answer ✓

    This is probably something that is better suited for ServerOverflow or similar to be honest, but I can give my biased opinion. The advantage of using .htaccess for password protection (which is what Cpanel will do) is that it's trivial to set up. The downside is that you have no auditing or control. Once it's breached, you have a nightmare on your hands since there was no tracking (auditing) of who logged in and changed things. You also effectively have a single point of security failure - if the username / password leak, the attacker would have access to the whole system.

    Having said that, in terms of pure security - HTTP digest with HTTPS is secure.

    Allan
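An added example, not part of this thread or of DataTables itself, to make Allan's two points concrete from the defender's side. cPanel's directory protection is Apache HTTP authentication, so the only record you get for free is the web server's access log: the third field of a line in Apache's common/combined log format is the user name the client authenticated as (or "-"), and a request that is refused for missing or wrong credentials is logged with status 401. The script below parses a constructed access log, reports which user name was used from which address (with a shared account, as in this thread, every successful request shows the same name, so you learn where but not who), and flags addresses that keep hitting 401 against the protected directory. The log lines, the /pricelist/ path and the threshold of 5 are all assumptions made up for the example; one 401 per browser session is normal, because the browser receives the challenge before it prompts for a password.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Optional, Set

# Apache common/combined layout: %h %l %u %t "%r" %>s %b ...
# %u is the authenticated user name supplied by HTTP Basic/Digest auth, or "-".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (example data, not from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /pricelist/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
203.0.113.5 - staff [10/Oct/2023:13:55:40 +0000] "GET /pricelist/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:14:02:01 +0000] "GET /pricelist/ HTTP/1.1" 401 381 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:14:02:02 +0000] "GET /pricelist/ HTTP/1.1" 401 381 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:14:02:03 +0000] "GET /pricelist/ HTTP/1.1" 401 381 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:14:02:04 +0000] "GET /pricelist/ HTTP/1.1" 401 381 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:14:02:05 +0000] "GET /pricelist/ HTTP/1.1" 401 381 "-" "curl/8.0"
192.0.2.44 - staff [10/Oct/2023:15:10:12 +0000] "GET /pricelist/data.php HTTP/1.1" 200 90321 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:15:10:13 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
not a log line
"""


class Entry(NamedTuple):
    ip: str
    user: Optional[str]  # None when the request carried no accepted credentials
    ts: str
    request: str         # e.g. 'GET /pricelist/ HTTP/1.1'
    status: int


def parse_line(line: str) -> Optional[Entry]:
    """Parse one access-log line; return None for lines that do not match the layout."""
    m = LOG_RE.match(line)
    if not m:
        return None
    user = None if m["user"] == "-" else m["user"]
    return Entry(m["ip"], user, m["ts"], m["request"], int(m["status"]))


def parse_log(lines: List[str]) -> List[Entry]:
    """Parse every line, silently dropping the ones that are not access-log records."""
    return [e for e in (parse_line(ln) for ln in lines) if e is not None]


def request_path(e: Entry) -> str:
    """Extract the URL path from the request line; empty string if malformed."""
    parts = e.request.split()
    return parts[1] if len(parts) >= 2 else ""


def failed_auth_by_ip(entries: List[Entry], path_prefix: str) -> Counter:
    """Count 401 responses per client address for requests under the protected path."""
    counts: Counter = Counter()
    for e in entries:
        if e.status == 401 and request_path(e).startswith(path_prefix):
            counts[e.ip] += 1
    return counts


def suspicious_ips(entries: List[Entry], path_prefix: str, threshold: int) -> List[str]:
    """Addresses with at least `threshold` refused requests: candidates for password guessing."""
    return sorted(ip for ip, n in failed_auth_by_ip(entries, path_prefix).items() if n >= threshold)


def successful_logins(entries: List[Entry], path_prefix: str) -> Dict[str, Set[str]]:
    """Map each user name that was accepted under the protected path to the addresses it came from."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for e in entries:
        if e.user is not None and 200 <= e.status < 400 and request_path(e).startswith(path_prefix):
            seen[e.user].add(e.ip)
    return dict(seen)


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG.splitlines())
    print("accepted credentials by address:", successful_logins(entries, "/pricelist/"))
    print("401s per address:", dict(failed_auth_by_ip(entries, "/pricelist/")))
    print("addresses over threshold:", suspicious_ips(entries, "/pricelist/", 5))
```

Run it against a copy of the real access log (`parse_log(open(path).readlines())`) from a cron job and the 401 count per address becomes a cheap alarm for guessing attempts; the user-to-address map is the closest thing to an audit trail that a shared .htaccess account can give you, which is exactly why a per-user login inside an application such as the Laravel one mentioned above is the longer-term answer.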

  • karlie Posts: 83 Questions: 17 Answers: 0

    Thanks, that's helpful. With a very small amount of users responsible for data entry we don't really need any audit trail of who has logged in at this point. A simple shared username and password will suit so long as it's secure from an access perspective.