Hi everybody,
I am trying to implement a website where users may login and view
available properties. Basically it is an online auctioneering site which
is my final year project. I want to be able as SysAdmin to log in
myself
and modify, add properties, upload images etc. At the moment I am toying
with letting
both users and SysAdmin log in from the same authentication window. The
properties are all saved in a PostgreSQL database on my machine here. I
have created a user <webadmin> who has insert, update, select and delete
priveleges
on all tables in my database. This user is unable to create databases or
users. When the SysAdmin logs in he will have a page where he can modify
houses etc, while when an ordinary user logs in he will have the basic
window where he can search for houses. At the moment I have it such that
both users and SysAdmin when connected are connected as webadmin. I dont
think this is a very secure method but its all i can think of at the
moment. I'm also not sure how to kep the SysAdmin's page secure from
everybody else. At the moment all my pages are in a
/usr/local/apache/htdocs/project/ directory. Does anybody have an idea how
i could make this implementation more secure and functional.
Thanks,
Paul