Application or script?

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Location
    LA, CA
    Posts
    292

    Application or script?

    A little background information:

    I'm in a class called senior project, which is a 15 week IT solution for a real company.
    The project I'm working on is a secure web page for a "middle man" loan company which allows third party credit companies to bid on loan applications. For this project my thought was to have an admin. login on the server (hosting outside of the company) to allow the basics: adding, deleting, changing records, etc. One of my teammates suggested that we write a client application which would connect to the database to allow these functions. He felt that having the admin access restricted to the company's computer with this application would provide better security. I felt we should focus our efforts on creating a secure login on the server itself rather than an application outside of the server.

    Any thoughts or suggestions?
    A mind full of questions has no room for answers

  2. #2
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    I would definitely stick to just doing a secure login on the server itself. If the only argument to building a client application is because you could set the IP, that's not much of an argument. With the use of sessions and IP id'ing of the headers sent by the client machine to the server, you could easily detect the IP of the client machine connecting. I would also believe that, since the company wants a web solution, they don't want to have to be limited to just one machine.

    You can definitely make a secure login via a webpage if the proper precautions and input validation/session management are taken.


    If I were to build this application, I would combine PHP and MySQL together to form the input/output/admin login/data storage etc etc.

    The beauty of the web is that I can make a bid anywhere, not just where I have the client application installed.


    Sounds like a great senior project. Have fun with it.

    xmad
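
An added example, not code from the thread or from either poster: one way the server-side approach discussed above could limit the admin login to the office network and tie the session to the address that logged in, using PHP sessions. The names `OFFICE_CIDR`, `ip_in_cidr()`, `admin_login()` and `admin_session_ok()` and the address range are assumptions made for illustration; 64-bit PHP 7.3 or later is assumed.

```php
<?php
// Added illustration. All names here are hypothetical; 203.0.113.0/24 is a
// documentation range standing in for the office network (constructed value).
const OFFICE_CIDR = '203.0.113.0/24';

// True when IPv4 address $ip lies inside $cidr; malformed input is rejected.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    $bits    = (int) $bits;
    if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = -1 << (32 - $bits);            // network mask (64-bit integers)
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Login step: office address AND correct password, then a fresh session ID.
function admin_login(string $clientIp, string $password, string $storedHash): bool
{
    if (!ip_in_cidr($clientIp, OFFICE_CIDR) || !password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);           // prevents session fixation
    $_SESSION['admin'] = true;
    $_SESSION['ip']    = $clientIp;        // remember who authenticated
    return true;
}

// Check for every admin page: logged in, and still the same client address.
function admin_session_ok(string $clientIp): bool
{
    return !empty($_SESSION['admin'])
        && isset($_SESSION['ip'])
        && $_SESSION['ip'] === $clientIp;
}

// Top of an admin page served over HTTPS.
session_start(['cookie_secure' => true, 'cookie_httponly' => true,
               'cookie_samesite' => 'Strict']);
$ip = $_SERVER['REMOTE_ADDR'] ?? '';       // socket address, not X-Forwarded-For
if (!admin_session_ok($ip)) {
    http_response_code(403);
    exit('Forbidden');
}
```

Behind a reverse proxy or load balancer `REMOTE_ADDR` is the proxy's address, so the check then has to be done at the proxy or against a header only that proxy can set. The address check is an extra layer on top of the password, not a substitute for it.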

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    LA, CA
    Posts
    292
    "If I were to build this application, I would combine PHP and MySQL together to form the input/output/admin login/data storage etc etc."
    Great minds think alike
    We've decided to use php and mysql for this project w/out a doubt. But my teammate wants to build a client application (used ONLY for admin. functions, the bid system will be php) in VB.NET.
    His view on the subject is that he feels uncomfortable having an admin. menu on the internet and thinks that it would be safer if the admin. functions were only accessible at the office computer.
    If anyone has anything to say which can help me put him at ease please help me out
    A mind full of questions has no room for answers

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    LA, CA
    Posts
    292
    We have reached a solution that makes us all happy
    A client application that allows for daily admin. access such as submitting applications and transmitting them into the database, and a server script for less often admin access such as creating users.
    A mind full of questions has no room for answers

  5. #5
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    That sounds good, but I still don't know why you wouldn't just do it all over the net. A secure logon for a web connection is really not that hard to do if the proper checks and balances are taken. I write all my PHP code from scratch so that I can guarantee security.

    You should look into the book Secure PHP Development by Mohammed J. Kabir.

    ISBN: 0-7645-4966-9

    It has lots of good tips and tricks for ensuring proper user authentication techniques.


    But in any case... GOOD LUCK!



    xmad

  6. #6
    Senior Member
    Join Date
    Dec 2003
    Location
    LA, CA
    Posts
    292
    "I still don't know why you wouldn't just do it all over the net"
    Because the applications are taken by the client application, a user could work on an offline computer and update the database when a connection is made. I agree that we don't NEED the client application, but with this solution everyone is happy.

    "You should look into the book Secure PHP Development by Mohammed J. Kabir"
    Thank you for the resource

  7. #7
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    "Because the applications are taken by the client application, a user could work on an offline computer and update the database when a connection is made."
    That answers that question nicely.

    Good luck with it.

    xmad

  8. #8
    Senior Member
    Join Date
    Dec 2003
    Location
    LA, CA
    Posts
    292
    I've met with the company I'm working for on this project and after seeing the direction we've taken they have expressed interest in selling our system to other credit companies.
    "You should look into the book Secure PHP Development by Mohammed J. Kabir.

    ISBN: 0-7645-4966-9

    It has lots of good tips and tricks for ensuring proper user authentication techniques"
    It also has a lot of useful information in making scripts more portable

    for (int x = 1; x <= 1000; x++)
    {
        cout << "thank you!";
    }
    A mind full of questions has no room for answers
