Someone asked me to build an application which manages critical information in law:
it should be 'unhackable', but if someone tries to hack it, no names of persons, locations
or any relation to real existing cases of law should be found.
I'm not very experienced with server-sided apps (anyway: I love Java SE, but didn't proceed
successfully with JavaFX or anything similar).
At first I guess these things should be realized
(to do with HTML, PHP, JS, AJAX, CSS and MySQL):
Contents in the database should be encrypted as far as it makes sense.
SQL intrusion in form fields should be avoided.
SQL code like INSERT, UPDATE, DELETE is in stored procedures.
SELECT is the only SQL code which appears in PHP code.
Table and field names are numbered, no meaningful chars.
HTTPS is used.
-> This way, I guess, all data streams between server and client
don't contain any human-understandable information and are not meaningful.
Is that enough?
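Added example (mine, not code from the post) of the data-access layer the list above describes, in PHP with PDO: a parameterized SELECT as the only SQL in PHP, writes through a stored procedure called with a bound parameter, and application-level encryption of a field with libsodium. The table `t1`, columns `f1`/`f2`, the procedure `sp_insert_t1` and the `APP_*` environment variables are assumptions.

```php
<?php
// Assumed schema (not from the post): t1(f1 INT PRIMARY KEY, f2 VARBINARY(512))
// and a stored procedure sp_insert_t1(IN p_f2 VARBINARY(512)).
declare(strict_types=1);

function connect(): PDO
{
    $dsn = getenv('APP_DSN') ?: 'mysql:host=127.0.0.1;dbname=appdb;charset=utf8mb4';
    $pdo = new PDO($dsn, getenv('APP_DB_USER') ?: 'app', getenv('APP_DB_PASS') ?: '');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Real server-side prepared statements: form input is bound, never spliced into SQL text.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// The only SELECT in PHP; the row key is bound as an integer.
function fetchRecord(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT f2 FROM t1 WHERE f1 = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : decryptField($row['f2']);
}

// Writes go through the stored procedure, also with a bound parameter.
function insertRecord(PDO $pdo, string $plaintext): void
{
    $stmt = $pdo->prepare('CALL sp_insert_t1(:f2)');
    $stmt->bindValue(':f2', encryptField($plaintext), PDO::PARAM_LOB);
    $stmt->execute();
}

// Field key (32 bytes, hex) lives outside the database, so a dumped table alone
// yields no readable names, locations or case details.
function fieldKey(): string
{
    return sodium_hex2bin((string) getenv('APP_FIELD_KEY'));
}

function encryptField(string $plaintext): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plaintext, '', $nonce, fieldKey());
    return $nonce . $ct; // nonce is stored in front of the ciphertext
}

function decryptField(string $blob): string
{
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(substr($blob, $n), '', substr($blob, 0, $n), fieldKey());
    if ($pt === false) { throw new RuntimeException('field authentication failed'); }
    return $pt;
}
```

Numbered table names and HTTPS do nothing against injection; the bound parameters are what keep form input out of the SQL text, and the encryption only helps while the key stays outside the database.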