sh0wtym3 Posted July 20, 2012 Share Posted July 20, 2012 Hey all, I'm setting up a shopping cart for a website, and I've installed an SSL certificate so the credit card information will be taken on a secure encrypted https connection. So far everything is working fine. The shopping cart will be communicating with a paypal API. This is my first time building an eCommerce website, and I wanted to know if there's any security precautions I should be aware of? Am I good to go with just a secure connection? I'm also redirecting all http requests to https on the checkout page through the .htaccess file, to make sure no user accidentally ends up filling out their credit card information on an unsecure connection. Quote Link to comment Share on other sites More sharing options...
scootstah Posted July 21, 2012 Share Posted July 21, 2012 As long as you're using something like PayPal to process the cards, you should be okay. But, don't store any card information on your own servers. If you have to ask, you don't have the experience to do that safely. Quote Link to comment Share on other sites More sharing options...
sh0wtym3 Posted July 21, 2012 Author Share Posted July 21, 2012 Ok thanks. And I won't, I'll only be storing non-cc info in the database (name, address, phone, email) Quote Link to comment Share on other sites More sharing options...
xyph Posted July 22, 2012 Share Posted July 22, 2012 Get a security professional, or a couple good eyes to audit your code. If someone gets in and modifies the action of your form, or finds an XSS hole to do the same, your SSL cert won't help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.