Secure e-commerce Web Site

Posted on 2013-01-23
Last Modified: 2014-10-18

I am looking for a good resource to help me build a secure e-commerce web site. What I am looking for in a book is:

1. How to send data securely from my web site back to my SQL database behind my firewall?
2. Architecture, Proxy Server, web service?
3. Best way to enroll and create users on the site.
4. I am not looking for a hosted solution, (word press etc)
5. I am looking for ASP.Net on the front and MS SQL on the back.

I did look at some Wrox books but I really can't get a feel for them unless I go to a book store.

Any recommendation for a good book or a web site resource would be appreciated.

Thanks for the help.
Question by:kpt112

Accepted Solution

Scott Fell, EE MVE earned 500 total points
ID: 38811344
Have you done anything with using a dynamic site in the past?

"Secure" means multiple things.  

There is sending data over a secure connection using SSL, and for the most part it is that simple. You also need to understand one-way hashes to use as a key, and two-way encrypting and decoding.

Secure also means locking down your server to use minimal ports and not using plug-ins and add-ons you don't fully understand. Getting your site scanned on a quarterly basis. Anti-hacking software and practices.

Secure means storing your data where sensitive data does not get stored as clear text and is encrypted.

Secure means if you are using $4 shared hosting vs. cloud vs. dedicated.

Most of what you want to do you can find online and it will not be everything in one or five books.  

My suggestion is to start building a play site where you can add/edit/search contacts. Next work on adding/editing/searching products. Then adding/editing/searching invoices. Now start adding/editing/searching manual payments. Lastly, sign up for a developer account with a payment gateway like, and use their sandbox to place fake charges.

Don't try and do everything all at once. Master one section to your satisfaction and go to the next.  If a picture is worth a thousand words, getting your hands dirty is worth multiple books.  

I have oversimplified what to work on and you will see each portion has a lot more going on than meets the eye. As you build you will stumble and each stumble will be a learning experience. Everybody learns differently, but there is a disconnect between reading about it and doing it.
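The answer above mentions one-way hashes for stored credentials and keeping sensitive data out of clear text. The following is an added example, not code from the thread or from the answerer, showing the standard way to do the one-way part: salted PBKDF2-HMAC-SHA256 for stored passwords, with a constant-time comparison on verify. The function names (`hash_password`, `verify_password`), the record layout and the iteration count are this example's own assumptions; Python is used here because it runs anywhere, and the same library calls exist in the .NET framework (`Rfc2898DeriveBytes`).

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example; raise ITERATIONS as hardware allows.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    A fresh random salt is generated per password so that two users with the
    same password get different records and precomputed tables do not apply.
    The record carries its own parameters so they can be raised later without
    breaking existing rows.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=KEY_BYTES
    )
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt/iterations and compare in constant time.

    Malformed records are treated as a failed login rather than an exception,
    so a corrupted row cannot be used to distinguish accounts.
    """
    try:
        algorithm, iterations_str, salt_hex, hash_hex = record.split("$")
        if algorithm != ALGORITHM:
            return False
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    # compare_digest avoids leaking where the first mismatching byte is.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample credential for demonstration only.
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("login ok:", verify_password("correct horse battery staple", stored))
    print("login ok:", verify_password("wrong password", stored))
```

The stored record is what goes in the MS SQL users table; the clear-text password is never written anywhere. Raising `ITERATIONS` later only affects new records, and `verify_password` keeps honouring old ones because each row names its own parameters.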

Author Comment

ID: 38811406
Dear Padas,

I am looking for some resources, not necessarily an opinion. I will be hosting the solution on my DMZ and creating the link between the web server and the SQL server. My concern is how to connect to the database safely. Storing a connection string on a web server seems foolish to me. I want to know how to harden the connection using the securest method possible.
Assisted Solution

by: Scott Fell, EE MVE, earned 500 total points
ID: 38811601
I think everything is an opinion.  Ask 10 people and you will get some good arguments for multiple ways.  

Storing a connection string on the server is not any less secure than having a web service. If your server is hacked into as far as getting admin access, it does not matter if you have a connection string or not.

But I do agree with you. I have been converting anything new to a web service so it will not matter if I am accessing via a website or native mobile.

I create my own keys using hashes and other data to prove the entity hitting the service is what I expect. I learned this from how payment gateways handle data. After using multiple payment gateways, I came up with my own solutions. Any book you read is going to be an opinion of that author. We all learn in different ways. When I started, I did a lot of reading as you are looking for, but how I work now I couldn't have taken from any one book. Online articles, help sites like this, reading problems others are having on multiple help sites, then applying all that to my own works. Ecommerce related to CRM, Products and Events is what I specialize in.

Not knowing where you are, I assume by the question you are just starting out. I'm sorry if this is a wrong assumption. But if you are, my point is this can be more overwhelming than you think once you get into each aspect. It is best to break it down and work on each bit. But that is what worked for me.

Hopefully there will be others that chime in with some good advice for you.
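The answer above describes proving that "the entity hitting the service is what I expect" with keys built from hashes and other request data, the pattern payment gateways use. The following is an added example, not the answerer's code or any gateway's API, of that pattern between the web front end in the DMZ and an internal web service that owns the database connection: the caller signs the method, path, body hash, timestamp and a random nonce with a shared HMAC key, and the service checks the signature in constant time, rejects stale timestamps, and refuses a nonce it has already seen. The header names, the five-minute window, `sign_request`, `RequestVerifier` and the sample key are this example's assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Callable, Dict, Optional

MAX_SKEW_SECONDS = 300  # assumed window for clock drift between the two hosts


def canonical_string(method: str, path: str, body: bytes, timestamp: int, nonce: str) -> bytes:
    """Fixed, unambiguous encoding of everything the signature covers."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash]).encode("utf-8")


def sign_request(key: bytes, method: str, path: str, body: bytes,
                 timestamp: Optional[int] = None, nonce: Optional[str] = None) -> Dict[str, str]:
    """Caller side (the DMZ web front end): produce the headers the service will verify."""
    if timestamp is None:
        timestamp = int(time.time())
    if nonce is None:
        nonce = secrets.token_hex(16)
    mac = hmac.new(key, canonical_string(method, path, body, timestamp, nonce), hashlib.sha256)
    return {"X-Timestamp": str(timestamp), "X-Nonce": nonce, "X-Signature": mac.hexdigest()}


class RequestVerifier:
    """Service side (internal host that holds the database connection)."""

    def __init__(self, key: bytes, now: Callable[[], float] = time.time) -> None:
        self.key = key
        self.now = now          # injectable clock so the window can be tested
        self.seen: Dict[str, int] = {}   # nonce -> timestamp, pruned as it ages out

    def _prune(self) -> None:
        cutoff = self.now() - MAX_SKEW_SECONDS
        self.seen = {n: ts for n, ts in self.seen.items() if ts >= cutoff}

    def verify(self, method: str, path: str, body: bytes, headers: Dict[str, str]) -> bool:
        try:
            timestamp = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            signature = headers["X-Signature"]
        except (KeyError, ValueError):
            return False
        # Reject requests outside the freshness window before doing any crypto.
        if abs(self.now() - timestamp) > MAX_SKEW_SECONDS:
            return False
        self._prune()
        # A nonce seen inside the window means a replayed request.
        if nonce in self.seen:
            return False
        expected = hmac.new(self.key, canonical_string(method, path, body, timestamp, nonce),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):
            return False
        self.seen[nonce] = timestamp
        return True


if __name__ == "__main__":
    # Constructed shared key and sample order; in practice the key lives in
    # protected configuration on each host, never in the page or the database.
    shared_key = b"example-shared-key-do-not-use"
    order = json.dumps({"sku": "WIDGET-1", "qty": 2}).encode("utf-8")
    headers = sign_request(shared_key, "POST", "/api/orders", order)
    service = RequestVerifier(shared_key)
    print("accepted:", service.verify("POST", "/api/orders", order, headers))
    print("replay accepted:", service.verify("POST", "/api/orders", order, headers))
```

Covering the body hash rather than the raw body keeps the canonical string small and means a modified order fails verification even if the signature header is copied intact. The nonce store is per process here; with several service instances behind a load balancer it would need to move to a shared store such as the database, keyed by the same timestamp window.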

Author Comment

ID: 38811667
Dear Padas,

Thanks for your opinion. I will continue to field answers.
