My question is a general one because I lack a whole picture of what I should do!
I am developing a website containing a member area. Each user registers through a login and a password and can access forms that allow them to edit and update their personal page. Non-registered users can access a little search engine to find users' personal pages based on some characteristics.
This website is developed in PHP and is now hosted on localhost with XAMPP.
My question is about administration and security.
The administration of the website will require deleting and updating data published by users on their personal page.
So now, on localhost, I just go through phpMyAdmin to modify these tables.
- Can I just do the same when the website is online?
- Is the use of an admin part made to make it quicker than getting into the tables through phpMyAdmin? The passwords of the users are encrypted to prevent their use in case the data would be stolen, so anyway I can't use their login and password to connect to their personal pages to delete data in case they wouldn't respect the website rules?
Concerning security, is there a need to protect files with an .htaccess with the type of website I am describing?
I secured the PHP scripts against the main security breaches (XSS, SQL injection, CSRF, upload), but I don't completely understand what else should be done when the website gets online.
For example, there is a password for MySQL to connect to the database: this password is stored in database.php like this:
$db = new Database( login , password , website );
What is the use of this password when the website is on a server? Can someone other than the administrator access the files on the server?
As you can see, my questions are a bit confused because my picture of administration and security is not clear when it comes to jumping from the world of localhost to the world wide web!
Thanks for your help.