05-31-2005, 12:25 AM #1 Newbie
The details of creating a secure online store
Hi,
I would assume this has been asked before, but I just don't know what to search for to find the answer.
I am a fairly accomplished computer engineer. I know C++ pretty well, I also know Java at a novice level (never really got into it). I know a fair bit about hardware, networking, etc. On the web side, I know HTML and have plenty of experience using it. I also know javascript and perl fairly well and have used a few other scripting (or whatever you want to call them) languages. I am also aware of XML, though I'm just beginning to use it.
I would like to make a webcommerce-type website. It will allow users to log in, have settings, etc. I would also like to make it secure. That's where the problem comes in.
Let's say I want to make a bulletin board on my website (that's not really what I want to do. I am aware of free tools that allow me to do that, I am just using it as an example since it has requirements similar to what I would like to do). My basic approach would be to start up a database server (with SQL or something. I'm not too experienced with databases) and access it through cgi or asp to make everything work (Each user has a database record, each post has one as well, etc.). My problem is that I don't know if this is at all right.
Is this how such sites are made? Is there a good book/website/anything that shows how to make such a site? Or at least gives a basic overview and provides resources for further learning?
Searching the net (google/amazon/this site) takes me to books that teach SOAP, WS-Security, etc. I don't know much about those things (I may have seen them in a presentation or two). It would be really great if someone could give me some basic info so I can avoid reading books I don't need to (I still have a day job).
Thanks in advance,
Hawk
-
05-31-2005, 12:28 AM #2 Junior Guru Wannabe
Take a look at http://www.hotscripts.com and look for a cart created in your language as somewhere to start.
Hope this is helpful.
-
05-31-2005, 10:47 AM #3 Keep rockin' in the free world
Well try reading some online tutorials at developer related sites such as www.sitepoint.com
Creating your own custom e-commerce store is no easy task, even for a seasoned developer. Since you're fairly new to web related programming I would highly recommend you do not build your own custom store front/backend as it will most likely have security holes without you knowing.
As suggested above, try exploring some off the shelf shopping carts first to suit your needs. The cost of making a custom one will be 20x more and above, than using a pre-built one.
Basically you'll need to accept the users' payments using an online credit card processor. There are 3rd party merchant accounts and your own merchant accounts for this. 3rd Party would be things like Paypal, 2checkout and others where the processor's name appears on the customer's credit card statement while your own merchant account will have your own company's name and offer more flexible billing options while having other downfalls such as liability for clients' credit card numbers, etc.
Depending on your type of store, the volume expected and processing method you will need to find a shopping cart that can meet these expectations. Many off the shelf shopping carts come with built in support for Paypal, Authorize.net, 2checkout and others.
There is lots more to cover like having SSL but this is just touching the tip of the iceberg.
-
05-31-2005, 04:41 PM #4 Newbie
Ramprage: I know I shouldn't re-invent the wheel. But I'm doing something new and I don't think similar things exist (I've searched). Thanks for the advice.
debrown: Thanks! Your link seems very useful. I was going to take a look at some bulletin board code, but those were too big. The scripts on this site look perfect. Are there any books that teach the basic concepts? What to look for, what the major vulnerabilities are, etc.?
-
05-31-2005, 07:18 PM #5 WHT Addict
If you are using PHP/mySQL I have made use of a very good article on devshed.com on PHP security. The link is
http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
Good luck in your programming endeavours.
Raphael
raphael@rippleweb.com
-
05-31-2005, 07:35 PM #6 Problem Solver
Make sure every variable inserted into PHP is checked for sanity.
Steven Ciaburri | Industry's Best Server Management - Rack911.com
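An added example, not part of the thread, of what checking every request variable can look like for the kind of database-backed store discussed above. The field names, limits and table layout are assumptions made up for the illustration; it uses PHP's built-in filter functions and PDO with an in-memory SQLite database so it runs without a server.

```php
<?php
declare(strict_types=1);
// Check every request field against an explicit rule; returns [clean, errors].
function validate_order(array $input): array
{
    $rules = [
        'product_id' => [FILTER_VALIDATE_INT, ['min_range' => 1]],
        'quantity'   => [FILTER_VALIDATE_INT, ['min_range' => 1, 'max_range' => 100]],
        'email'      => [FILTER_VALIDATE_EMAIL, []],
        'note'       => [FILTER_VALIDATE_REGEXP, ['regexp' => '/\A[\w .,!?-]{0,200}\z/']],
    ];
    $clean = $errors = [];
    foreach ($rules as $field => [$filter, $options]) {
        $raw = $input[$field] ?? '';
        // Request values can arrive as arrays (note[]=x); accept strings only.
        $value = is_string($raw)
            ? filter_var(trim($raw), $filter, ['options' => $options])
            : false;
        if ($value === false) {
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Values are bound as parameters, never concatenated into the SQL text.
function save_order(PDO $db, array $o): int
{
    $stmt = $db->prepare(
        'INSERT INTO orders (product_id, quantity, email, note) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$o['product_id'], $o['quantity'], $o['email'], $o['note']]);
    return (int) $db->lastInsertId();
}

// Constructed sample requests standing in for $_POST; in-memory SQLite for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, product_id INT, quantity INT, email TEXT, note TEXT)');
$samples = [
    ['product_id' => '42', 'quantity' => '2', 'email' => 'hawk@example.com', 'note' => 'Gift wrap, please'],
    ['product_id' => '1 OR 1=1', 'quantity' => '-5', 'email' => 'not-an-email', 'note' => ['x']],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_order($post);
    echo $errors ? 'rejected: ' . implode(', ', $errors) . "\n" : 'stored order #' . save_order($db, $clean) . "\n";
}
```

Validation and parameter binding do different jobs: the first rejects values that make no sense for the field, the second keeps whatever is accepted from being interpreted as SQL.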