Address Book Security
- Address Book Sort Contacts By Name
- Address Book Sort Contacts By Type
- Address Book Add New Contact
- Address Book Edit a Contact
- Address Book Delete a Contact
This page will help you with address book security. There are five apps for administration of your address book, as you can see above: edit, delete, add, view by type, and view by name (sorts by last name). The Address Book Sort Contacts By Name app will be the page to go to for general use of your address book. The address book uses PHP and MySQL and is online, unless you have access to a computer that has both of these installed and you control the security and access. We advise that if your address book is online, you have nothing link to it. Why tempt hackers? Put its files in an inaccessible folder that's password protected. Put your password in a secure place and use Roboform for convenience and security. Then you will have, in their words, "No more passwords to remember, Log into websites automatically, Simple. Secure. Everywhere." Hyperbole aside, we use it and like it. Anyway, in case you don't know how to keep your address book secure, read on:
Password Protect Directories for Address Book Security
Save the code on each of the five app pages above and FTP them into their own private directory online on a website you control. Nothing should refer to or link to this directory. YOU will be able to access it because you know where it is, but no one else will catch any hint it even exists. Go to your cPanel X control panel. You'll need the password and username the host gave you when you signed up. Or if you signed up for a reseller account, you give the passwords and usernames to yourself.
Click Password Protect Directories in the Security section in your cPanel X control panel. Select the directory to protect, where your address book apps are. Check "Password protect this directory" in the Security Settings. Save. Choose to Go Back. Create Username and add a password. (For security's sake, make sure passwords use some special characters like $#@!*^&% as well as letters and numbers.) Username and password will be required of anyone trying to access the chosen directory—in this case, your address book folder. Now click the "Add/modify authorized user" button. Now only authorized users will be let in.
Go to your FTP program (e.g., SmartFTP). Click on your address book folder on the server. Press F5, or however else your program refreshes (it may be a menu item), to refresh the directory listing. If you did the above protection process correctly, you'll now see an .htaccess file, the automatic result of the above process. Select the file, then select to view it and you'll see:
AuthName "PHP Addresses"
If you see that (but with data specific to your site), all is well. Now, to be extra careful, let's control indexing and also access to the config.php file you had to make to access your MySQL database where your addressbook table lives. In our case, this file is in the directory that is the parent of the addressbook subfolder where the addressbook files live, so we used include_once "../config.php"; to get to it. Your configuration file may be in your public_html folder or elsewhere, but make sure that folder has an .htaccess file (easily created with a text editor) that has the following:
deny from all
This stops anyone from looking through your site's directory from a browser, and allows your config.php file to be used in includes for MySQL access, but not otherwise accessed, even if your PHP processor for your site is temporarily inoperable due to maintenance.
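An added example, not code from the original page: a small Python check to run on the text of an .htaccess file copied down over FTP, reporting which of the protections described above it actually carries. The directives it looks for (AuthType, AuthUserFile, Require valid-user, Options -Indexes, a <Files> block) are standard Apache directives assumed here rather than shown on this page, and the sample files and the function name are constructed for illustration.

```python
import re

# Constructed samples; the AuthUserFile path is a placeholder, not a real account.
ADDRESSBOOK_HTACCESS = """\
AuthType Basic
AuthName "PHP Addresses"
AuthUserFile "/home/EXAMPLE/.htpasswds/addressbook/passwd"
Require valid-user
"""
CONFIG_DIR_HTACCESS = """\
Options -Indexes
<Files "config.php">
    Require all denied
</Files>
"""
BARE_DENY = "deny from all\n"  # the single line as it appears on this page
DENY_ALL = {"deny from all", "require all denied"}  # Apache 2.2 / 2.4 forms

def audit_htaccess(text, protected_file="config.php"):
    """Report which of the page's protections an .htaccess body provides."""
    auth, scope = set(), None  # scope: name of the enclosing <...> section
    found = {"basic_auth": False, "no_indexes": False,
             "file_denied": False, "whole_dir_denied": False}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # Apache comments are whole lines
            continue
        if line.startswith("</"):
            scope = None
            continue
        if line.startswith("<"):
            m = re.match(r'<Files\s+"?([^">]+?)"?\s*>$', line, re.I)
            scope = m.group(1) if m else "(other section)"
            continue
        words = line.lower().split()
        if " ".join(words) in DENY_ALL:
            if scope == protected_file:
                found["file_denied"] = True
            elif scope is None:
                found["whole_dir_denied"] = True  # applies to every URL in the folder
        elif scope is None:
            is_auth = words in (["authtype", "basic"], ["require", "valid-user"])
            if is_auth or words[0] == "authuserfile":
                auth.add(words[0])
            elif words[0] == "options" and "-indexes" in words:
                found["no_indexes"] = True
    # Basic auth only counts when all three directives are present.
    found["basic_auth"] = auth == {"authtype", "authuserfile", "require"}
    return found
```

A result with whole_dir_denied set means the deny covers every file served from that folder and its subfolders, not only config.php, which matters if the file sits in public_html.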