phpBMS

Why Secure phpBMS?

phpBMS is a sophisticated platform offering multiple business solutions like CRM, Invoicing and Inventory Management solutions rolled into one. That being said, it has the ability to store vital information about your business and your clients including trade secrets and classified information that you would not want getting into the wrong hands. There are a number of things you should do in order to secure your copy of phpBMS.

Please Note

This page discusses just a few of the options available for securing the phpBMS system. Please discuss with your system administrator other ways you will be able to limit access to and secure your installation.

Delete Install Folder After Installation

Be sure to delete the "Install" folder from your phpBMS files on your server. Please see the documentation for your FTP client or web based FTP interface for information on how to delete files.

Change the File Permissions on Settings.php

Change the File Attributes/File Permissions on the settings.php file on your server. This controls who can see or make changes to the contents of the file. Since the settings.php file contains the login information for your database (where phpBMS stores all your important information like client contact info and product pricing), it is important to lock this file from public view. This can be accomplished two ways:

Via FTP Client Menus

This can be done via your FTP client, usually by right clicking on the file and selecting "file permissions". As this process varies from client to client, please see the documentation for your FTP client or web based FTP interface for information on how to change these preferences. The following are screen shots for some popular clients: CuteFTP | Voyager FTP | Leech FTP | Total Commander (Windows Commander) | WS FTP.

Once the file permissions screen is active, you will have three choices under three user groups.

  • Groups
    • Owner Permissions
    • Group Permissions
    • Public Permissions
  • Options
    • Read
    • Write
    • Execute

A complete list of user permissions can be found in this chart. It is suggested to use a 644 setting, which gives the owner read and write permission and everyone else read-only access. This applies even if multiple people will be using the phpBMS program itself, since the setting does not cover the entire program, just this one file. General phpBMS users will not need to access this file, as the only information it contains is the database connection details used by the program itself. In order to achieve this, set the permissions as follows:

  • Owner Permissions (Read, Write)
  • Group Permissions (Read)
  • Public Permissions (Read)

Via FTP Client Command Line and chmod

Another option is to use the command line in your FTP client to change the permissions with the chmod command. The syntax of chmod is:

chmod [numeric value] [file name]

The numeric value to make the settings.php file secure is 644, so your command will look like:

chmod 644 settings.php
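As an added example (not part of the phpBMS documentation or project), the following POSIX shell function audits a phpBMS document root for the two steps above: the leftover "Install" folder and a settings.php that is writable by group or others. It assumes shell access to the server rather than only FTP, and the paths shown are hypothetical.

```shell
#!/bin/sh
# Added example, not phpBMS project code: audit a phpBMS document root for the
# two file-system hardening steps described above.
#   1. the "Install" folder must be removed after setup
#   2. settings.php must not be writable by group or others
#      (644 as the page recommends, or stricter such as 640/600, passes)
# Assumes shell access to the server; the root path passed in is hypothetical.
# Exit status: 0 = no findings, 1 = at least one finding (printed to stdout).

check_phpbms_perms() {
    root="$1"
    status=0

    # Step 1: leftover installer directory (the page calls it "Install";
    # some hosts lower-case it, so check both spellings).
    for name in Install install; do
        if [ -d "$root/$name" ]; then
            echo "FINDING: installer directory still present: $root/$name"
            status=1
            break
        fi
    done

    # Step 2: permission bits of settings.php. Parsing `ls -ld` is portable
    # across GNU and BSD userlands, unlike `stat`. The 10-char mode string
    # looks like -rw-r--r--: column 6 is group write, column 9 is other write.
    cfg="$root/settings.php"
    if [ ! -f "$cfg" ]; then
        echo "FINDING: $cfg not found (is this the phpBMS document root?)"
        return 1
    fi
    perm=$(ls -ld "$cfg" | cut -c1-10)
    case "$perm" in
        ?????w????)
            echo "FINDING: $cfg is group-writable ($perm); run: chmod 644 $cfg"
            status=1 ;;
    esac
    case "$perm" in
        ????????w?)
            echo "FINDING: $cfg is world-writable ($perm); run: chmod 644 $cfg"
            status=1 ;;
    esac

    if [ "$status" -eq 0 ]; then
        echo "OK: no findings under $root"
    fi
    return "$status"
}

# Run directly, e.g.: check_phpbms_perms /var/www/phpbms   (hypothetical path)
```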

SSL Certification

In order to secure the transfer of sensitive material, like credit card and bank information, it is imperative to obtain an SSL Certificate for your server. SSL means Secure Sockets Layer; it encrypts your information into a string of indecipherable characters while it travels between your browser and your server. This is important in order to prevent third parties from intercepting your information and helps prevent identity theft. Speak to your web hosting provider for options on SSL Certificates.

Unique Passwords

Using unique passwords on your MySQL database, your phpBMS account and the other accounts that you use is a good way to secure your site.

  • DO NOT USE personal information, your username or variables of phpBMS in your passwords (so phpBMS123 is out).
  • DO NOT USE real words. Computer programs are available to attempt to break passwords and the first things they try are real words.
  • USE random strings of letters, numbers and random characters. Your choice of characters says a lot about your personality; switching 3 for E and 0 (that's zero) for O (ohhh) says "I'm the quiet, geeky type, W00T" and $ signs for S's say "play-AH".
  • USE phrases instead of just words. 1m2s3xay4mypa$$$word is a favourite. More: 2l3g172qu17 or 1c4nh4$ch33zburg3rY0 or 1n33ds133p.

Can't Secure Your phpBMS?

There are options, like running it on your local computer (just make sure you use protection, like firewalls).

Scanned by Orvant Copyright © 2010 Kreotek, LLC. All Rights reserved.