Form generator

[GPG]

I have installed the php form generator software onto my site, but there appears to be no requirement for a password to get into any part of the directory. Theoretically, anyone could get in and generate a new form, and most worryingly - read all the data. We want to use these forms as order forms, so personal details would be insecure.

Does anyone have any experience of this?

[David]

Hi, I haven't really used them for anything live yet just played around with it. There is a new version coming soon (3.0) so you might want to check sourceforge regularly. It promises to be lightyears ahead of the current version (2.09c I believe) and may address security better than it does now. Until then you could always setup .htaccess to handle p/w entry into the directory.

David

[mediahosting]

You could try to change the permissions on the files which create new form posts. Change them to 644 etc, so that they are read only, and not writable to the world etc.

Also you could move the form post creation page, and change the paths on the other files which call to that file when you to create the form posts. Also you can add a password protection to any folder setup beneath the form post folder and have the file which creates the form posts protected. It's probably only a few files to change paths on.

Also the password protected directories can be setup with a few clicks in Cpanel. Much easier for the novice then editing .htaccess file.

- Kris

[GPG]

Thanks for your tips. The results page is now password protected and support fixed my .htaccess file after I had a failed attempt at doing it myself.

When I have the time I think I'll get myself along to an evening class (or buy a book).