  1. #1

    The details of creating a secure online store

    Hi,

    I would assume this has been asked before, but I just don't know what to search for to find the answer.

    I am a fairly accomplished computer engineer. I know C++ pretty well, I also know Java at a novice level (never really got into it). I know a fair bit about hardware, networking, etc. On the web side, I know HTML and have plenty of experience using it. I also know javascript and perl fairly well and have used a few other scripting (or whatever you want to call them) languages. I am also aware of XML, though I'm just beginning to use it.

    I would like to make a webcommerce-type website. It will allow users to log in, have settings, etc. I would also like to make it secure. That's where the problem comes in.
    Let's say I want to make a bulletin board on my website (that's not really what I want to do. I am aware of free tools that allow me to do that, I am just using it as an example since it has requirements similar to what I would like to do). My basic approach would be to start up a database server (with SQL or something. I'm not too experienced with databases) and access it through cgi or asp to make everything work (Each user has a database record, each post has one as well, etc.). My problem is that I don't know if this is at all right.
    Is this how such sites are made? Is there a good book/website/anything that shows how to make such a site? Or at least gives a basic overview and provides resources for further learning?
    Searching the net (google/amazon/this site) takes me to books that teach SOAP, WS-Security, etc. I don't know much about those things (I may have seen them in a presentation or two). It would be really great if someone could give me some basic info so I can avoid reading books I don't need to (I still have a day job).

    Thanks in advance,
    Hawk

  2. #2
    Join Date
    May 2005
    Posts
    67
    Take a look at http://www.hotscripts.com and look for a cart created in your language as somewhere to start.

    Hope this is helpful.

  3. #3
    Join Date
    May 2002
    Location
    Kingston, Ontario
    Posts
    1,588
    Well try reading some online tutorials at developer related sites such as www.sitepoint.com

    Creating your own custom e-commerce store is no easy task, even for a seasoned developer. Since you're fairly new to web related programming I would highly recommend you do not build your own custom store front/backend as it will most likely have security holes without you knowing.

    As suggested above, try exploring some off the shelf shopping carts first to suit your needs. The cost of making a custom one will be 20x more and above, than using a pre-built one.

    Basically you'll need to accept the users' payments using an online credit card processor. There are 3rd party merchant accounts and your own merchant accounts for this. 3rd party would be things like Paypal, 2checkout and others where the processor's name appears on the customer's credit card statement, while your own merchant account will have your own company's name and offer more flexible billing options while having other downfalls such as liability for clients' credit card numbers, etc.

    Depending on your type of store, the volume expected and processing method you will need to find a shopping cart that can meet these expectations. Many off the shelf shopping carts come with built in support for Paypal, Authorize.net, 2checkout and others.

    There is lots more to cover like having SSL but this is just touching the tip of the iceberg.

  4. #4
    Ramprage: I know I shouldn't re-invent the wheel. But I'm doing something new and I don't think similar things exist (I've searched). Thanks for the advice.

    debrown: Thanks! Your link seems very useful. I was going to take a look at some bulletin board code, but those were too big. The scripts on this site look perfect. Are there any books that teach the basic concepts? What to look for, what the major vulnerabilities are, etc.?

  5. #5
    Join Date
    Mar 2003
    Location
    California
    Posts
    142
    If you are using PHP/mySQL I have made use of a very good article on devshed.com on the PHP security. The link is

    http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/

    Good luck in your programming endeavours.

    Raphael
    raphael@rippleweb.com

  6. #6
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Make sure every variable inserted into php is checked for sanity.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
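
The advice in post #6, as an added example that is not part of any poster's reply: each request value is checked against an explicit rule before use, and the accepted values reach the database only as bound parameters. The field names, table layout and sample requests are constructed for illustration, and an in-memory SQLite database (assumes the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: per-field sanity checks, then bound parameters only.
// Field names, table and sample requests below are constructed.

function clean_order_input(array $in): array
{
    $rules = [
        'product_id' => ['filter'  => FILTER_VALIDATE_INT,
                         'options' => ['min_range' => 1]],
        'quantity'   => ['filter'  => FILTER_VALIDATE_INT,
                         'options' => ['min_range' => 1, 'max_range' => 99]],
        'email'      => FILTER_VALIDATE_EMAIL,
    ];
    // Only keys named in $rules are returned: a failed check yields false,
    // a missing key yields null. Anything else in the request is dropped.
    $out = filter_var_array($in, $rules, true);
    foreach ($out as $field => $value) {
        if ($value === false || $value === null) {
            throw new InvalidArgumentException("rejected field: $field");
        }
    }
    return $out;
}

function place_order(PDO $db, array $request): bool
{
    try {
        $order = clean_order_input($request);
    } catch (InvalidArgumentException $e) {
        return false; // refuse the whole request, do not try to repair it
    }
    // Values are bound, never concatenated into the SQL text.
    $stmt = $db->prepare('INSERT INTO orders (product_id, quantity, email)
                          VALUES (:product_id, :quantity, :email)');
    return $stmt->execute($order);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (product_id INTEGER, quantity INTEGER, email TEXT)');

$samples = [ // constructed requests: one well-formed, three malformed
    ['product_id' => '42',    'quantity' => '2',  'email' => 'buyer@example.com'],
    ['product_id' => '42abc', 'quantity' => '2',  'email' => 'buyer@example.com'],
    ['product_id' => '42',    'quantity' => '-5', 'email' => 'buyer@example.com'],
    ['product_id' => '42',    'quantity' => '2'], // email missing
];
foreach ($samples as $s) {
    echo json_encode($s), ' => ', place_order($db, $s) ? 'stored' : 'rejected', PHP_EOL;
}
```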
