Hi I have a lot of revamping going on, firstly I need my full web page back online (not the mess thats sitting there now)but thats not why I'm posting here.

My aim is to have something maybe similar to a blog where I can post comments and information to the unregistered and subscribed members members. I need to be able to have the user have their own accounts where I post information on the status of the data recovery service I am providing for them, provide them with snippets of data that they need access to immediately eg documents,images,scripts (general user created data of value to the customer. I would prefer the database side to allow the customer to create a free account, submit information regarding make model type of storage device they have lost data from. Also for me to add more specific information regarding firmware but the db has to have a separate entity for me to have my own list of spare media devices so that I can X-reference the clients media with my stock before receiving their data and work out availabilty and time frame for jobs. The customers must not be able to access each others information but the client can see most of his own.

Can anyone suggest which database to go for, what costs may be involved in hiring someone or what competition prizes would be reasonable. Or suggest any coding tricks tips and which is most secure database to have on a host.

Thanks
Regards
From Eddie

Any database can be secured.

The weak point is usually users passwords

Oracle has startling flaws with their security. I think backwards compatibility plays some role. Honestly, I'd bet all databases (and probably other security products) have some hidden exploit that none of us in this thread could understand.

But like Chris said, the weak point usually lies with man, not machine. It doesn't matter what key length your cipher uses if your password is "password."

I'd say that any network database can have a security problems.

If you are worried about those, take a look on sqlite.
http://www.sqlite.org


It's an sql engine which use a file as a storage engine. You can simply put the file outside of the scope of the web server, and still use it.

That way, as there is no network connection to the database engine, and the datas are only accessible through a file that cannot be served by the web server, you are mostly certain those datas will remain secure.

The drawback is that you can only query your datas through a remote session of the sqlite front-end, and other sites cannot connect directly on your database to retreive datas.

Quote:

Originally Posted by tripy

I'd say that any network database can have a security problems.

If you are worried about those, take a look on sqlite.
http://www.sqlite.org


It's an sql engine which use a file as a storage engine. You can simply put the file outside of the scope of the web server, and still use it.

That way, as there is no network connection to the database engine, and the datas are only accessible through a file that cannot be served by the web server, you are mostly certain those datas will remain secure.

The drawback is that you can only query your datas through a remote session of the sqlite front-end, and other sites cannot connect directly on your database to retreive datas.

Thanks, This sounds really interesting! I shall have a look at it tomorrow.

Quote:

Originally Posted by tonbiz

Hopefully you can find in this site

Thanks for the link will have a look tomorrow when I have a bit more time

Quote:

Originally Posted by Learning Newbie

Oracle has startling flaws with their security. I think backwards compatibility plays some role. Honestly, I'd bet all databases (and probably other security products) have some hidden exploit that none of us in this thread could understand.

But like Chris said, the weak point usually lies with man, not machine. It doesn't matter what key length your cipher uses if your password is "password."

Any database can be secured.

The weak point is usually users passwords[/quote]

Quote:

Originally Posted by Learning Newbie

Oracle has startling flaws with their security. I think backwards compatibility plays some role. Honestly, I'd bet all databases (and probably other security products) have some hidden exploit that none of us in this thread could understand.

But like Chris said, the weak point usually lies with man, not machine. It doesn't matter what key length your cipher uses if your password is "password."

I agree with you, I remember reading something where people were asked their password by a security expert and they refused to give it. Later in the day he would ask about their family and made a statement later on along the line of a lot of people use their partners / children's names. The person who had refused the password had the inadvertently given the security guy their password...LOL wish I could remember where I read that.

That aside their are always new exploits found in software it's just up to admin to patch the exploit and watch databases for insecurities...eg (User Passwords)

It bothers me more just now that Learning Newbie; mentioned about Oracle, I'm waiting on a tool I use having the next version released as Oracle will be the backbone. I'm sure that will have been addressed tho as it was due in beta testing last yr..Maybe thats why I'm still waiting

I think your concern is that handling of member information - not databases.

Quote:

Originally Posted by kaisellgren

I think your concern is that handling of member information - not databases.

You're absolutely correct I cannot afford to share any user information at all, really I expect that in the cases where I deliver an offline data recovery (customer sends i media to be recovered) that if he/she needs their info immediately I want to provide them internet access to their data. So the files recovered (confidential) and the user/clients personal/business info needs to be very secure.