[nycphp-talk] Liability protection for consultants?
Hans Zaunere
lists at zaunere.com
Thu Feb 10 10:00:21 EST 2005
> I'm looking at doing some side work setting up CMS and shopping carts for small
> businesses. The web-host I use has a few offerings that are php based and I'm
> looking at the requirements and set up to see which one I'd want to support.
>
> OScommerce requires register globals to be on, and Zen Cart requires some
> world-writeable directories in the DocumentRoot. The other possibilities are AgoraCart,
> Interchange Cart, and CubeCart.
>
> I'm reading Chris' security workbook and trying to critically review anything that
> deals with money. My biggest fear is that one of my customers has a compromise and
> the public image of the business goes so bad that they lose their business.
>
> Yeah, I'm generally a "worst case scenario" sort of guy...
That's good - this is a "worst case scenario" sort of business...
From the above and subsequent posts, it sounds like you are on a shared host. Frankly, if you're really concerned about security and storing sensitive data (like CC numbers) get your own box. All the code review and careful planning is pointless when some other idiot on your server is running phpNuke 1.0 from 1997.
> How do you protect yourself against liability, and more importantly how do you give
> the customer the security they deserve?
Get a lawyer - get a dedicated box (or even a jail). Doing the latter will require less of the former :)
---
Hans Zaunere
President, Founder
New York PHP
http://www.nyphp.org
AMP Technology
Supporting Apache, MySQL and PHP