1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need Advice RE: Secure Database for BH project

Discussion in 'General Scripting Chat' started by rreeve, May 6, 2011.

Tags:
  1. rreeve

    rreeve Newbie

    Joined:
    Apr 8, 2010
    Messages:
    47
    Likes Received:
    11
    I need to build a website that lists certain data in profiles. I can't say what the data is at the moment because, lets just say its black-hat. So I can explain the advice I need, lets just say for argument's sake the data is of corporations. (It isn't but it helps paint a picture)

    Anyway, I want to build this website that lists certain data on individual corporations which people can search using various filters. Each corporation will have its own profile that's accessible to all and a users can list multiple profiles to compare certain data which they choose.

    Its very important that I allow people to add/edit data to existing profiles as well as create new profiles, however, I need to offer this feature while still remaining secure.

    I don't want to disclose the full nature of the website but lets just say it'll be a website that certain people may target to try and hack or corrupt the data being listed. So how could I build something like this with these features while staying secure from hacks. Are there any applications/platforms out there that would allow me to provide a website where people can edit and add data without any risk of hacking. Or is there a set-up that can protect the site as much as possible.

    The website will need to be hosted in a foreign country because I can see our government trying to force the site offline so this should give you a good perspective of the security precautions I need to take.

    I will say however, its NOT illegal but it WILL piss off certain people with a bit of power and influence.

    Also, if anyone can advise me on ways to build and host this website while remaining anonymous to any prying/investigating authorities, that would be very helpful. But my main concern is how to build a site such as this, which platform etc etc.

    I've tried to be a clear as possible explaining this project while keeping the concept secret. If you need some more information in order to advise me, just ask and I will try my best to explain it further. :)
     
  2. rreeve

    rreeve Newbie

    Joined:
    Apr 8, 2010
    Messages:
    47
    Likes Received:
    11
    Anyone?

    Anyone at all?

    :(
     
  3. ExobiT

    ExobiT Junior Member

    Joined:
    Apr 21, 2008
    Messages:
    145
    Likes Received:
    25
    I hope you have a solid budget ;) Keeping things "secure" aint as easy as it sounds.
     
  4. rreeve

    rreeve Newbie

    Joined:
    Apr 8, 2010
    Messages:
    47
    Likes Received:
    11

    Yeah, I know, and a lot of hard work too!
    So, would you recommend a specific platform... Wordpress maybe? or do you think a project such as this would need to be custom built?

    The best way I can think of allowing people to add/edit profiles would be if I have to APPROVE all content first before it goes live. While this will of course create a lot of work, I can't think of a better, more secure way of doing this.

    It'll be great if it could be all automated but I don't think this is possible to remain secure. What do you think?
     
  5. xpwizard

    xpwizard Junior Member

    Joined:
    Nov 6, 2010
    Messages:
    198
    Likes Received:
    122
    Create a wiki type site... There are many wiki clone scripts out there.

    Make sure to secure your server, and then check the script for XSS and SQL Injection vuln.
     
  6. ExobiT

    ExobiT Junior Member

    Joined:
    Apr 21, 2008
    Messages:
    145
    Likes Received:
    25

    Sorry for my late reply, i forgot about this thread.

    If its sensitive material, i wouldent use WP. Yes you can do it (Themeforest, and all their networks are build in WP. But is heavily modified) You should take a look at Drupal instead. Drupal can be a bitch to work with. But if you get the right developers, (and hosting platform) you can get a secure invironment for your project. If not Drupal, take a look at the Django framework, and build it on top of that :)
     
  7. other_henry

    other_henry Junior Member

    Joined:
    Jun 1, 2011
    Messages:
    107
    Likes Received:
    19
    Occupation:
    Freelance coder, server guy
    Location:
    US
    What you describe is impossible.

    If you don't have physical control of the box then anybody withaccess to the box owns your data.

    Even if you do have control of the box there is no way to make anetworked system 100% secure.

    Look at the hacks on RSA, Lockheed, etc. They have bettersecurity then you can imagine and they were compromised.

    I suggest you rethink your idea or line up some very goodlawyers.