I would assume this has been asked before, but I just don't know what to search for to find the answer.
I would like to make a webcommerce-type website. It will allow users to log in, have settings, etc. I would also like to make it secure. That's where the problem comes in.
Let's say I want to make a bulletin board on my website (that's not really what I want to do. I am aware of free tools that allow me to do that, I am just using it as an example since it has requirements similar to what I would like to do). My basic approach would be to start up a database server (with SQL or something. I'm not too experienced with databases) and access it through CGI or ASP to make everything work (each user has a database record, each post has one as well, etc.). My problem is that I don't know if this is at all right.
Is this how such sites are made? Is there a good book/website/anything that shows how to make such a site? Or at least gives a basic overview and provides resources for further learning?
Searching the net (Google/Amazon/this site) takes me to books that teach SOAP, WS-Security, etc. I don't know much about those things (I may have seen them in a presentation or two). It would be really great if someone could give me some basic info so I can avoid reading books I don't need to (I still have a day job).
Well, try reading some online tutorials at developer-related sites such as www.sitepoint.com
Creating your own custom e-commerce store is no easy task, even for a seasoned developer. Since you're fairly new to web-related programming, I would highly recommend you do not build your own custom store front/backend, as it will most likely have security holes without you knowing.
As suggested above, try exploring some off-the-shelf shopping carts first to suit your needs. The cost of making a custom one will be 20x more and above than using a pre-built one.
Basically, you'll need to accept the users' payments using an online credit card processor. There are 3rd-party merchant accounts and your own merchant accounts for this. 3rd party would be things like PayPal, 2checkout and others, where the processor's name appears on the customer's credit card statement, while your own merchant account will have your own company's name and offer more flexible billing options while having other downfalls such as liability for clients' credit card numbers, etc.
Depending on your type of store, the volume expected and processing method, you will need to find a shopping cart that can meet these expectations. Many off-the-shelf shopping carts come with built-in support for PayPal, Authorize.net, 2checkout and others.
There is lots more to cover, like having SSL, but this is just touching the tip of the iceberg.
Ramprage: I know I shouldn't re-invent the wheel. But I'm doing something new and I don't think similar things exist (I've searched). Thanks for the advice.
debrown: Thanks! Your link seems very useful. I was going to take a look at some bulletin board code, but those were too big. The scripts on this site look perfect. Are there any books that teach the basic concepts? What to look for, what the major vulnerabilities are, etc.?
Make sure every variable inserted into PHP is checked for sanity.
Steven Ciaburri | Industry's Best Server Management- Rack911.com