I have a website that will only be used to pull up URLs for credential verification over the internet. There will be no direct e-mails or data uploads (except via FTP), or message boards,etc. The information on the site is public information and so I do not have to hide any files. A typical url could be:

http://your-domain.com/12345

How secure is this data? How might someone destroy the database? I want to keep the URLs as simple as possible and not make the pull up of information any more complicated than it is.


Thanks in advance.

When dealing with a database on the Web, security is more in the hands of your host than it is in yours.

What are they using IIS or MySQL? On which OS (Windows, Linux, BSD, etc)?

How often and up to date are they on patches?

Keeping the flaws to a minimum is in their customer's best interest so a reputible host will keep on top of things.

A strong login password will help (this will help prevent someone from guessing you login and making unauthorized changes).

No matter what it would be a good idea to "hide" the files from the public, using .htaccess or some other server side method is preferable.