me
Starting Member
10 Posts |
Posted - April 03 2004 : 20:04:58
|
Why, if the installation process leaves behind areas/methods for access to loser boneheads, isn't there a automatic deletion of all the unnessary files after installation?
And.. Why not send an e-mail or make a phone call with exclusive usreids and passwords so that your software is not vulnerable to smartass sissies for any period of time?
My VP-ASP was installed by FrontPage Web Hosting So if you guys or someone you sell through installs on the host site why not do these things? I know perhaps those who buy/install/then upload may need?, to check funtionality out, however, you guys are smart enough to work this out. And I say that in all sincerity. Thanks, john [email protected]
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - April 04 2004 : 05:53:15
|
it is possible to plug all these gaps before releasing the site onto a public server. but, just like you, I'd also like to have some kind of switch that I can set to automatically plug those holes before the files get copied to the site. (a lot of people, myself included, just use a normal pc setup for their source and then copy the whole lot to the host, rather than hosting it on their pc beforehand as a kind of offline server) The key things are to change the admin id/pwd in the user table and moving the database file to a different/secure directory before you upload the files to a host. not everyone who uses vpasp is a programmer, and these are key security issues.
Maybe one idea would be for vpasp to split the vpasp files into 2 sections when sending out the software, with one section being the current full list of files, and the second section being a "good-to-go" version of the same files but with the diagnostic files taken out and the admin id/pwd renamed automatically on a per-order basis (along with the name of the admin login screen), so that everyone who buys vpasp gets a different admin login page name and a different id/pwd. That way, the only thing you'd need to do is to change the location of the database file and voila; all measures implemented.
Simon Barnaby Freelance Developer Java-E UK [email protected] |
|
|