phpYellow Pages Developer's Guide

Guide Home | Install | Read Me | FAQ | License | Security | ChangeLog | Customize | Paid Listings

Security

A NOTE

Every administration script is protected by transparent username and password security.

RECOMMENDATIONS

  1. DELETE all phpYellow files that have the word "install" contained within a filename.

  2. Set the ADMINUSER and ADMINPASSWORD constants defined in util.php to your best possible values:

    define("ADMINUSER", "yourPHPYellowUserName"); // your phpYellow login
    define("ADMINPASSWORD", "yourPHPYellowPassword"); // your phpYellow password

  3. Rename admin.php to a filename of your own choosing (yourfilename.php), then set the ADMINHOME constant in util.php, shown below with its "admin.php" default, to the same new filename:

    define("ADMINHOME", "admin.php"); // your phpYellow administration page

  4. Make your administration password a good one, keep it safe and don't tell anyone. Change it regularly by changing the value of the ADMINPASSWORD constant.

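  5. Make regular and frequent backups. Do not change filename extensions to anything other than php, php3, phtml or another valid PHP extension. Changing a file extension to .html is like inviting hackers in: the web server no longer runs the file as PHP and instead sends its source code to anyone who requests it.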

  6. Keep the default notification on for new or changed listings:

    define("NOTIFYONCHANGE", "yes"); // if you want the WEBMASTER notified

  7. Quickly delete unwanted records submitted by hackers with the Manage-Listings tool.

  8. Use a database password that is NOT the same as your regular internet user account login.
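
The following audit script is an added example, not part of phpYellow or of the original guide. It checks one installation directory against recommendations 1 to 6, using the password criteria from the Summary. The 12-character minimum is an assumption (the guide only says "long"), and only double-quoted define() calls in the form shown above are parsed.

```python
import re
import sys
from pathlib import Path

# Placeholder values printed in the guide; finding them means nothing was changed.
PLACEHOLDERS = {"ADMINUSER": "yourPHPYellowUserName",
                "ADMINPASSWORD": "yourPHPYellowPassword"}
PHP_EXTENSIONS = {".php", ".php3", ".phtml"}   # extensions named in recommendation 5
MIN_PASSWORD_LENGTH = 12                        # assumption: the guide only says "long"
DEFINE_RE = re.compile(r'define\(\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)')
PHP_TAG_RE = re.compile(r"<\?(php|=|\s)")       # PHP open tags, but not <?xml

def parse_defines(util_php_text):
    """Return {NAME: value} for each define("NAME", "value") call in util.php."""
    return dict(DEFINE_RE.findall(util_php_text))

def audit(install_dir):
    """Check one phpYellow directory against recommendations 1-6; return findings."""
    root = Path(install_dir)
    findings = []
    for path in sorted(p for p in root.iterdir() if p.is_file()):
        if "install" in path.name.lower():
            findings.append(f"rec 1: install file still present: {path.name}")
        if (path.suffix.lower() not in PHP_EXTENSIONS
                and PHP_TAG_RE.search(path.read_text(errors="replace"))):
            findings.append(f"rec 5: {path.name} holds PHP code but is served as text")
    consts = parse_defines((root / "util.php").read_text(errors="replace"))
    for name, placeholder in PLACEHOLDERS.items():
        if consts.get(name, placeholder) == placeholder:
            findings.append(f"rec 2: {name} is unset or still the guide placeholder")
    password = consts.get("ADMINPASSWORD", "")
    if (len(password) < MIN_PASSWORD_LENGTH or not re.search(r"\d", password)
            or not re.search(r"[^A-Za-z0-9]", password)):
        findings.append("rec 4: ADMINPASSWORD lacks length, digits or special characters")
    if consts.get("ADMINHOME", "admin.php") == "admin.php" or (root / "admin.php").is_file():
        findings.append("rec 3: admin page is still reachable as admin.php")
    if consts.get("NOTIFYONCHANGE", "").lower() != "yes":
        findings.append('rec 6: NOTIFYONCHANGE is not "yes"')
    return findings

if __name__ == "__main__":
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

Run it with the installation directory as its only argument; it exits non-zero when any recommendation is unmet, so it can be scheduled alongside the backups from recommendation 5.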

SUMMARY

There are a number of levels of security but no mechanism anywhere is 100% safe from unwanted breach. Your best defense is to use a good, long and varied password and be sure to include numbers and other special characters in it. You can also change the admin user name, admin password, the name of the admin PHP file and other parameters. I recommend doing so. This may be performed in util.php.

So as not to make hacking easy, additional phpYellow security precautions are implemented in the source code but not documented. You would need to go over every line of code to understand the built-in security for phpYellow.

Additional web server specific, scripting language specific and database specific security issues are not addressed here. These component specific concerns are best described in the documentation the components are delivered with.

Web Server: http://www.apache.org
Scripting Language: http://www.php.net
Database: http://www.mysql.com/

FEEDBACK

If you can think of additional useful safety precautions to add to this document please send your thoughts to DreamRiver.

END OF DOCUMENT

All Pages Copyright©2000,2001,2002 Dreamriver.com. All rights reserved.