Hi folks,
I am thinking through some options for my clients, and would love some theoretical feedback.
I have a number of clients that want remote access to our database -- in the past, we've used port forwarding and used sesame_allow.txt to whitelist their IPs. However, we found some of our clients had ridiculously slow internet connections, and when giving them full access to our database application, they slowed our internal functions to a crawl. With 40+ clients wanting remote access, that's not going to work going forward.
I'm doing some research on the web server tutorial, which is not something I've done before, so I'm a complete novice here -- it looks like I could set up a simple search and result based page with little effort -- however, I am concerned about data security as I don't want anyone accessing data they shouldn't. So, my questions are:
1) Internally, we have a user form inside our application that we use to limit access by client numbers, and their user profile ID matches their Sesame login set up on the Server Admin panel. I see in the tutorial the @login option, and how to store passwords locally, but how do I use that login to limit searches to just records from a specific client number associated with that login? For example, login FF1 is limited to only accessing CltNo 3060;3141;3174.
2) As well, I would love to limit external IP access -- is there a way to validate external IPs through a saved text file such as sesame_allow.txt?
3) Is there a simple way to log failed login attempts, or attempts from unauthorized IP addresses?
4) Lastly, I am not a very skilled web designer or developer (I can use Weebly or WordPress to build HTML things) -- are there any security risks I should be concerned about, or could outside access be forced to pull consumer data from our database through a brute force login attempt, or circumventing the login process?
Thanks guys -- I just need a gentle prod in the right direction so I can start experimenting ...