
Any web designers?


    #11
    Originally posted by RRH
    the site is currently free to use, I generate money through advertising - does anyone have any ideas/suggestions as to what features I should add when I revamp the site?
    A java game called lets throw bricks at jonno.

    Tips on male grooming.

    A section about coping with a lithp.



      #12
      Originally posted by Clippy
      And the same would go for collecting user data using PHP, right?
      e.g. Creating a user account for your website.
      One of my pals is running a PHP site for technical support, and making some wonga from advertising - i.e. not collecting payments via the site.

      His observations:

      New PHP attacks are coming all the time. Keep up to date with the security patches - this is a must.

      Watch out for bots trying to fill discussion sections with spam. He now insists on folks creating an account to avoid this.

      Lock up any customer data as tightly as you can. Don't let email addresses be harvested as you can be accused of selling them to "they who should be shot at dawn" (spammers).
      Behold the warranty -- the bold print giveth and the fine print taketh away.



        #13
        Originally posted by Sysman
        One of my pals is running a PHP site for technical support, and making some wonga from advertising - i.e. not collecting payments via the site.

        His observations:

        New PHP attacks are coming all the time. Keep up to date with the security patches - this is a must.

        Watch out for bots trying to fill discussion sections with spam. He now insists on folks creating an account to avoid this.

        Lock up any customer data as tightly as you can. Don't let email addresses be harvested as you can be accused of selling them to "they who should be shot at dawn" (spammers).
        Couple of others:-

        Make sure passwords are stored in the DB as a one-way hash, then compare hashes when the user enters their password.

        Go through the code with a fine-tooth comb and change any straight DB calls to parameterised queries to avoid SQL injection - PHP tends to be wide open to this kind of attack since its DB handling facilities are pretty primitive by default. You may need a 3rd party library such as Pear DB in order to do this, not sure.

        Turn off "register globals" in the PHP config file. If the application breaks, go to the person who supplied it to you and demand your money back, with menaces if necessary.
        Listen to my last album on Spotify
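
The two points in post #13 (passwords stored as a one-way hash, and parameterised queries), as an added example that is not part of the thread. It uses PHP's built-in PDO and password_hash()/password_verify() rather than the Pear DB library the poster mentions; the table, function names and sample data are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Table and function names are hypothetical.

// In-memory SQLite keeps the sketch self-contained; a real site points PDO at its own DB.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register_user(PDO $db, string $email, string $password): void
{
    // Salted one-way hash; the plaintext password is never written to the DB.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO users (email, pw_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
}

function check_login(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such account
    }
    // Re-hashes the input with the stored salt and compares in constant time.
    if (!password_verify($password, $hash)) {
        return false;
    }
    // Transparently upgrade stored hashes when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET pw_hash = :hash WHERE email = :email');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':email' => $email]);
    }
    return true;
}

// Constructed sample data.
register_user($db, 'alice@example.com', 'correct horse battery staple');
var_dump(check_login($db, 'alice@example.com', 'correct horse battery staple'));
var_dump(check_login($db, 'alice@example.com', 'wrong guess'));
// Input containing SQL metacharacters is bound as plain data, so it just matches no row.
var_dump(check_login($db, "alice@example.com' --", 'anything'));
```

Only the hash column ever holds password material, so a leaked users table does not directly expose passwords.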



          #14
          Cowboy Bob/realityhack/Sysman

          Appreciate the comments. I'm from an infrastructure background so the development arena is outside my field of knowledge.

          I'll take up your points with my developer.

          Final point, any suggestions on the best way to secure users' email addresses?



            #15
            Too much pink will create impression it is a gay site.
            bloggoth

            If everything isn't black and white, I say, 'Why the hell not?'
            John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)
