Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Obfuscating database name at login
08-03-2013, 01:22 AM, (This post was last modified: 08-03-2013, 01:23 AM by icedlava.)
#1
Obfuscating database name at login
Hello everyone,

I have not committed this code yet as I need feedback on 3 questions below. First some background:

I have completed some first draft of this code which prevents the database name being displayed at login and instead displays the chosen company name to select at the login box (if this selection option is chosen).

There were a few ways to implement this and I chose to try and minimize page load time, and integrate any necessary variables in the existing config.php which is in any case included.

An alternative path would be to use a small include file in each directory of the company to hold the required variable however this requires more loading time at each page load.

Some benefits of the method chosen:
1. Database is totally obfuscated for security and not able to be seen from the login
2. Only configured databases will display in the Login, so for example if the weberpdemo, which has a companies directory, was not installed it will not display in the login box selector (which could lead to error).
3. A little more user friendly to see the Company name rather than database name.

Files touched in this work include:
* ConnectDB.inc
* Login.php
* install/index.php
* config.php

Other related files updated/affected:
* Z_MakeNewCompany.php

Questions:
1. Are there any other files that may be affected as the $_POST var captured in the login form now is an integer, not a database name. Also, CompanyName is really company name not a database name.

2. How best to do the upgrade? I have at the moment made some provision for the files to consider old installations without the new variables in config.php however this basically adds the old code in the files mentioned as well as the new. This needs to be done unless the existing installs are either updated manually or through some script to run to add the simple array lines holding database name and company name at the end of the config.php file.

3. Do we want this as it is now - or can someone suggest improvement or another method?

Thanks in advance for your attention and feedback on this!

Cheers,


Reply


Messages In This Thread
Obfuscating database name at login - by icedlava - 08-03-2013, 01:22 AM
RE: Obfuscating database name at login - by phil - 08-06-2013, 08:59 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)