Secure e-commerce Web Site

Posted on 2013-01-23
Last Modified: 2014-10-18

I am looking for a good resource to help me build a secure e-commerce web site. What I am looking for in a book is:

1. How to send data securely from my web site back to my SQL database behind my firewall?
2. Architecture, Proxy Server, web service?
3. Best way to enroll and create users on the site.
4. I am not looking for a hosted solution (WordPress, etc.).
5. I am looking for ASP.Net on the front and MS SQL on the back.

I did look at some Wrox books but I really can't get a feel for them unless I go to a book store.

Any recommendation for a good book or a web site resource would be appreciated.

Thanks for the help.
Question by:kpt112

Accepted Solution

Scott Fell,  EE MVE earned 500 total points
ID: 38811344
Have you done anything with using a dynamic site in the past?

"Secure" means multiple things.  

There is sending data over a secure connection using SSL, and for the most part it is that simple.  You also need to understand one-way hashes to use as a key, and two-way encrypting and decoding.

Secure also means locking down your server to use minimal ports and not using plug-ins and add-ons you don't fully understand.  Getting your site scanned on a quarterly basis.  Anti-hacking software and practices.

Secure means storing your data where sensitive data does not get stored as clear text and is encrypted.

Secure means if you are using a $4 shared hosting vs cloud vs dedicated.

Most of what you want to do you can find online and it will not be everything in one or five books.  

My suggestion is to start building a play site where you can add/edit/search contacts.  Next work on adding/editing/searching products.  Then adding/editing/searching invoices.  Now start adding/editing/searching manual payments.  Lastly, sign up for a developer account with a payment gateway like, and use their sandbox to place fake charges.

Don't try and do everything all at once. Master one section to your satisfaction and go to the next.  If a picture is worth a thousand words, getting your hands dirty is worth multiple books.  

I have oversimplified what to work on and you will see each portion has a lot more going on than meets the eye.  As you build you will stumble and each stumble will be a learning experience.  Everybody learns differently, but there is a disconnect between reading about it and doing it.

Author Comment

ID: 38811406
Dear Padas,

I am looking for some resources, not necessarily an opinion. I will be hosting the solution on my DMZ and creating the link between the web server and the SQL server. My concern is how to connect to the database safely. Storing a connection string on a web server seems foolish to me. I want to know how to harden the connection using the securest method possible.

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 500 total points
ID: 38811601
I think everything is an opinion.  Ask 10 people and you will get some good arguments for multiple ways.  

Storing a connection string on the server is not any less secure than having a web service.  If your server is hacked into as far as getting admin access, it does not matter if you have a connection string or not.

But I do agree with you.  I have been converting anything new to a web service so it will not matter if I am accessing via a website or native mobile.

I create my own keys using hashes and other data to prove the entity hitting the service is what I expect.  I learned this from how payment gateways handle data.  After using multiple payment gateways, I came up with my own solutions.  Any book you read is going to be an opinion of that author.  We all learn in different ways.  When I started, I did a lot of reading as you are looking for, but how I work now I couldn't have taken from any one book.  Online articles, help sites like this, reading problems others are having on multiple help sites, then applying all that to my own works.  Ecommerce related to CRM, Products and Events is what I specialize in.

Not knowing where you are, I assume by the question you are just starting out. I'm sorry if this is a wrong assumption.  But if you are, my point is this can be more overwhelming than you think once you get into each aspect.  It is best to break it down and work on each bit.  But that is what worked for me.

Hopefully there will be others that chime in with some good advice for you.
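
The answer above mentions building keys from hashes to prove who is calling a web service, the way payment gateways do. One common form of that idea is HMAC request signing, shown here in C# as an added example; it is not the poster's own scheme, and the class name, message layout, path, key and sample values are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class RequestSigner   // hypothetical helper, not from the thread
{
    // Canonical string binds method, path, timestamp and a hash of the body,
    // so changing any of them invalidates the signature.
    static string Canonical(string method, string path, long unixTime, string body)
    {
        using (var sha = SHA256.Create())
        {
            byte[] bodyHash = sha.ComputeHash(Encoding.UTF8.GetBytes(body));
            return method.ToUpperInvariant() + "\n" + path + "\n" + unixTime + "\n"
                 + Convert.ToBase64String(bodyHash);
        }
    }

    // Caller side: HMAC-SHA256 over the canonical string with the shared key.
    public static string Sign(byte[] key, string method, string path, long unixTime, string body)
    {
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(
                hmac.ComputeHash(Encoding.UTF8.GetBytes(Canonical(method, path, unixTime, body))));
    }

    // Service side: reject stale timestamps, recompute, compare in constant time.
    // The time window only limits replay; a per-request nonce cache would prevent it.
    public static bool Verify(byte[] key, string method, string path, long unixTime,
                              string body, string signature, long nowUnix, int maxSkewSeconds = 300)
    {
        if (Math.Abs(nowUnix - unixTime) > maxSkewSeconds) return false;
        byte[] expected = Encoding.ASCII.GetBytes(Sign(key, method, path, unixTime, body));
        byte[] actual = Encoding.ASCII.GetBytes(signature ?? "");
        if (actual.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-do-not-reuse"); // constructed
        long t = 1700000000;                                   // constructed timestamp
        string body = "{\"orderId\":42,\"amount\":\"19.99\"}"; // constructed request body
        string sig = Sign(key, "POST", "/api/orders", t, body);
        Console.WriteLine("valid request:  " + Verify(key, "POST", "/api/orders", t, body, sig, t + 10));
        Console.WriteLine("tampered body:  " + Verify(key, "POST", "/api/orders", t, body.Replace("19.99", "0.01"), sig, t + 10));
        Console.WriteLine("stale request:  " + Verify(key, "POST", "/api/orders", t, body, sig, t + 3600));
    }
}
```

The shared key still has to live somewhere on the calling server, so this narrows what a caller can do rather than removing the stored-secret concern raised in the question.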

Author Comment

ID: 38811667
Dear Padas,

 Thanks for your opinion. I will continue to field answers.
