j.smith1981 Posted December 15, 2011

Hi there,

I have been pondering doing some kind of e-commerce solution of my own at some point, but before I start on this, what in the sense of security should I be considering if I want to possibly charge people for downloading this? I am more interested in the security aspect at the moment and would love to get your opinions, not actual work of course, this would be entirely my own, but are there any good tutorials on the web that touch on such projects in the sense of security?

Any feedback is greatly appreciated. I have been pondering this for ages since I work in e-commerce and would love to develop one, possibly over the winter break, starting with just HTML, eventually going into CSS and maybe some other nice technologies I think might be useful.

For now, though, I want to concentrate on the security side, like what's the best way to make a checkout based on security aspects, so one can't go in there and grab a person's address (I know it's like locking your door, someone can still break in if they break the door down as such), but it would just be really interesting.

Any replies are massively appreciated in advance,

Jeremy.

dadamssg87 Posted December 18, 2011

Well, you shouldn't be storing ANY billing information in your database at all. Ever. There are PCI-compliant (credit card compliance standards) payment gateways that can do this for you (authorize.net's CIM) if you really need it.

The typical workflow will be: user adds item to cart, user enters billing info, your app validates the data and then passes this data to a payment gateway (authorize.net), the payment gateway sends back a response (XML), your app reads the response, redisplays the payment form if unsuccessful, and sends them to a thank-you page if successful.

Obviously you'll need an SSL certificate and something other than shared hosting. Private server or virtual private server.

scootstah Posted December 19, 2011

Use AES encryption on billing information and you should be okay - as long as your actual system is secure. Keep packages updated. Change passwords frequently. Don't store credit card information if you don't have to. Don't use shared hosting.
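
As an added example (not code from any poster in this thread), one way to apply the AES advice above to a stored billing address in PHP 7.1+: AES-256-GCM through the OpenSSL extension, with a fresh nonce per value and the row identity bound in as associated data. The function names, the context string and the sample address are constructed for illustration; the choice of GCM and a key held outside the database are assumptions of this example, and card numbers are left to the payment gateway as the earlier reply describes.

```php
<?php
declare(strict_types=1);
// Added example: field-level AES-256-GCM for a stored billing address.
// encryptField/decryptField and the sample record are hypothetical names/data.
const CIPHER = 'aes-256-gcm';

/** Encrypt one field; returns base64(nonce || tag || ciphertext). */
function encryptField(string $plaintext, string $key, string $context): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be 32 bytes');
    }
    $nonce = random_bytes(12); // fresh 96-bit nonce for every encryption
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $context, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

/** Decrypt one field; throws if the value or its context was altered. */
function decryptField(string $stored, string $key, string $context): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = (string) substr($raw, 28);
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $context);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed demo key; a deployed key is loaded from outside the database
// (environment or secrets store) and stays the same across requests.
$key = random_bytes(32);
$stored = encryptField('1 Example Street, Sampletown', $key, 'customer:42:billing_address');
echo decryptField($stored, $key, 'customer:42:billing_address'), PHP_EOL;
// A ciphertext copied into another customer's row has the wrong context and is rejected.
try {
    decryptField($stored, $key, 'customer:43:billing_address');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because the key never sits next to the ciphertext, a database dump alone does not reveal the addresses; an attacker who controls the application server can still read them, which is the "as long as your actual system is secure" condition in the post above.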