Brought to you by:
www.agostinhorosa.com.br
 


A note about security

Security isn't an easy task in the Internet world. TopSecret is a PRIMARY security program, based on the BASIC authentication provided by PHP.

It is enough to keep common users away from your data. It is not enough to keep crackers away from your data, if that is possible at all. Don't use TopSecret to (try to) protect sensitive data, such as financial or enterprise data.


An IE bug

Internet Explorer has a bug that permits a user to log into your page if that user has access to your computer after you have logged out of TopSecret. This can be circumvented by closing Internet Explorer after the logout.


The user/password for TopSecret tables

You have a login and password to access your database. This is like a "root" login, so you can do anything in your own database. Don't put this login/password in your code (topsecret.config). Instead, create a new user with only the access necessary for the specific work it should do. For TopSecret, create a user that has access only to the TopSecret table. That way, if someone cracks your system, the other tables remain secure. Below is the SQL command to create a user with the privileges needed for the TopSecret job. Replace all words in capital letters with names of your choice:

grant select, insert, update on YOUR_DATABASE_NAME.top_secret_db to USER_NAME@localhost identified by 'PASSWORD';

Use the USER_NAME/PASSWORD pair you chose to set the $user and $password variables in the TopSecret.config file.
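
On MySQL 8.0 and later, GRANT no longer accepts IDENTIFIED BY, so the account has to be created first. The statements below are an added example, not part of the original TopSecret documentation: they create the same restricted account and then check that it holds nothing beyond the three table privileges. They assume a MySQL server and an administrative session, and use the same capitalized placeholders as above.

```sql
-- Added example: run from an administrative account, not from the TopSecret account.
-- USER_NAME, PASSWORD and YOUR_DATABASE_NAME are the page's placeholders.

-- 1. Create the account, then grant only what TopSecret needs on its one table.
CREATE USER 'USER_NAME'@'localhost' IDENTIFIED BY 'PASSWORD';
GRANT SELECT, INSERT, UPDATE
    ON YOUR_DATABASE_NAME.top_secret_db
    TO 'USER_NAME'@'localhost';

-- 2. Human-readable summary of what the account holds.
--    Expected: USAGE on *.* plus SELECT, INSERT, UPDATE on the one table.
SHOW GRANTS FOR 'USER_NAME'@'localhost';

-- 3. Global privileges: the only row should be USAGE (meaning "no privileges").
SELECT privilege_type
  FROM information_schema.user_privileges
 WHERE grantee = '''USER_NAME''@''localhost''';

-- 4. Database-wide privileges: this should return no rows at all.
--    Any row here means the account can reach tables other than top_secret_db.
SELECT table_schema, privilege_type
  FROM information_schema.schema_privileges
 WHERE grantee = '''USER_NAME''@''localhost''';

-- 5. Table privileges: exactly three rows, all on top_secret_db.
SELECT table_schema, table_name, privilege_type
  FROM information_schema.table_privileges
 WHERE grantee = '''USER_NAME''@''localhost'''
 ORDER BY privilege_type;

-- 6. If steps 3-5 show anything extra, reset the account and repeat step 1's GRANT.
-- REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USER_NAME'@'localhost';
```

Re-run steps 2 to 5 after any later change to the account, since a broader grant added for convenience undoes the separation between the TopSecret table and the rest of the database.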