Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Peter Nielsen 159 posts 257 karma points
    Feb 10, 2012 @ 21:19
    Peter Nielsen
    0

    How secure is the Member section

    Hi,

    I'm trying to make a website with alot of Users. I've made so the user can create a profile, and edit their own profile. But now I would like if the users can have an account with money on it. So if they transfer money they would have on their account would be a number in a accountbalance property attached to the member.

    I know how to make all this, but Im not good at understanding all about the security. Is their any danger with this? I meen: Is their any way (hacking-wise) the users could change this number?

    Something that i should do? Something that i should be considering? :-)

    Regard

    Peter

  • Mila 60 posts 79 karma points
    Feb 23, 2012 @ 11:46
    Mila
    0

    I'm building a business website, where my members will buy products in the website and I have the same doubt.

  • kristian schneider 190 posts 351 karma points
    Feb 23, 2012 @ 12:47
    kristian schneider
    0

    I would proberbly segregate that kind of info into a seperate database/table and encrypt the information. 

    The only reference would be a encrypted memberid or similar. That would to some extend improve the security

     

  • Mila 60 posts 79 karma points
    Feb 23, 2012 @ 12:58
    Mila
    0

    Thanks :)

    Mila

  • Peter Nielsen 159 posts 257 karma points
    Mar 03, 2012 @ 22:18
    Peter Nielsen
    0

    Im using the Membership control wich uses the C# Membership Provider.

    When I set properties to the member inside Umbraco, I cant find it inside the database. So where is this information stored, and is it secure enough?

    The properties I would like to attach to this member is account total value (how much money he has on his account), and his bank account number (not creditcard data, but so he can cash out his money to his bankaccount).

    But is it safe to do? Or would it be better to store in a encrypted database? And how do i encrypt a database? :-)

    /Peter

    (Sorry for my stupid questions, if they are, but Im not good at encrypting and database settings) :-)

Please Sign in or register to post replies

Write your reply to:

Draft