|
-
September 29th, 2005, 08:46 PM
#1
Junior Member
Need advice on implementing dynamic web site admin
Hi all,
I'm an experienced programmer, but fairly new to web site design/development. I'm currently working on a data-driven web site and would like to give the client access to updating their own dynamic page content (such as news & events, inventory, etc.).
On a previous project I worked on we had a login/password section at the main portal, but it was for a secured intranet site. I'm not sure I want to follow this same approach for this public website since I only want the designated web administrator to have access to it (so why publish the login/password controls to the world).
Anyway, there are plenty of dynamic sites out there, so I'm sure there is some kind of standard approach to this...
By the way, I don't want to give the web admin direct access to the DB. Instead, I was thinking about providing a web interface to the dynamic content of the site.
For example, I was thinking about creating some ghost pages out there with a URL that only the web-admin would be aware of (though probably not the most secure way), or maybe putting an invisible link on one of the public pages that will re-direct the web admin to a login page and so on...
Is any of this common in the Web development world? If not, what are some common standards/approaches to this type of issue?
Greatly appreciate your help.
Thanks,
Ed
-
September 29th, 2005, 09:25 PM
#2
I'm no expert on this so, hopefully others will reply.
I would not include an "invisible" link because it won't be invisible. Anyone could just look at the source code and figure it out. There are several methods I've seen where people try to encrypt the source using a script. There are several ways to overcome that. Heck, even a spider will find the link and the next thing you know, it'll be listed right under your webpage in search results from google.
Well, I guess you could put it in your robots.txt file so "honest" spiders would ignore it.
Sometimes putting stuff into your robots.txt file will give people more info than you'd like.
"Hmm... why doesn't he want admin.htm indexed by google? let me check that out..."
Maybe restrict the login page to the person's IP address/range or require further authentication, etc.
I'm no web developer and I've done very little with it... so I'll pass on the rest. Don't want to misinform you. I've got a lot to learn in ways of how to secure websites and the like. I do enjoy checking out what others have done... but thats just when I'm bored.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
September 29th, 2005, 10:02 PM
#3
As a web developer keep the following things in mind
1. Be on the look out for XSS (Cross Site Scripting) i.e users should not be
able to insert HTML code.
2. Beware of SQL injection.
3. Avoid using hidden tags.
above is in no way a complete list, but is enough to get started once you get
going you will see things yourself.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
