Secure e-commerce Web Site


I am looking for a good resource to help me build a secure e-commerce web site. What I am looking for in a book is:

1. How to send data securely from my web site back to my SQL database behind my firewall?
2. Architecture, Proxy Server, web service?
3. Best way to enroll and create users on the site.
4. I am not looking for a hosted solution (WordPress etc.).
5. I am looking for ASP.Net on the front and MS SQL on the back.

I did look at some Wrox books but I really can't get a feel for them unless I go to a book store.

Any recommendation of a good book or a web site resource would be appreciated.

Thanks for the help.
2 Solutions
Scott Fell, EE MVE, Developer & EE Moderator, Commented:
Have you done anything with using a dynamic site in the past?

"Secure" means multiple things.  

There is sending data over a secure connection using SSL, and for the most part it is that simple.  You also need to understand one-way hashes to use as a key, and two-way encrypting and decoding.

Secure also means locking down your server to use minimal ports and not using plug-ins and add-ons you don't fully understand.  Getting your site scanned on a quarterly basis.  Anti-hacking software and practices.

Secure means storing your data where sensitive data does not get stored as clear text and is encrypted.

Secure means whether you are using $4 shared hosting vs cloud vs dedicated.

Most of what you want to do you can find online and it will not be everything in one or five books.  

My suggestion is to start building a play site where you can add/edit/search contacts.  Next work on adding/editing/searching products.  Then adding/editing/searching invoices.  Now start adding/editing/searching manual payments.  Lastly, sign up for a developer account with a payment gateway like authorize.net and use their sandbox to place fake charges.

Don't try and do everything all at once. Master one section to your satisfaction and go to the next.  If a picture is worth a thousand words, getting your hands dirty is worth multiple books.  

I have oversimplified what to work on, and you will see each portion has a lot more going on than meets the eye.  As you build you will stumble, and each stumble will be a learning experience.  Everybody learns differently, but there is a disconnect between reading about it and doing it.
kpt112 (Author) Commented:
Dear Padas,

I am looking for some resources, not necessarily an opinion. I will be hosting the solution on my DMZ and creating the link between the web server and the SQL server. My concern is how to connect to the database safely. Storing a connection string on a web server seems foolish to me. I want to know how to harden the connection using the most secure method possible.
Scott Fell, EE MVE, Developer & EE Moderator, Commented:
I think everything is an opinion.  Ask 10 people and you will get some good arguments for multiple ways.  

Storing a connection string on the server is not any less secure than having a web service.  If your server is hacked into as far as getting admin access, it does not matter if you have a connection string or not.

But I do agree with you.  I have been converting anything new to a web service so it will not matter if I am accessing via a website or native mobile.  http://blogs.msdn.com/b/mds/archive/2010/02/09/getting-started-with-the-web-services-api-in-sql-server-2008-r2-master-data-services.aspx


I create my own keys using hashes and other data to prove the entity hitting the service is what I expect.  I learned this from how payment gateways handle data.  After using multiple payment gateways, I came up with my own solutions.  Any book you read is going to be an opinion of that author.  We all learn in different ways.  When I started, I did a lot of reading as you are looking for, but how I work now I couldn't have taken from any one book.  Online articles, help sites like this, reading problems others are having on multiple help sites, then applying all that to my own work.  E-commerce related to CRM, products and events is what I specialize in.

Not knowing where you are, I assume by the question you are just starting out. I'm sorry if this is a wrong assumption.  But if you are, my point is this can be more overwhelming than you think once you get into each aspect.  It is best to break it down and work on each bit.  But that is what worked for me.

Hopefully there will be others that chime in with some good advice for you.
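The answer above describes proving that "the entity hitting the service is what I expect" with keys built from hashes, the pattern payment gateways use. The following C# is an added illustration of one standard way to do that, HMAC-SHA256 request signing between the web front end and a back-end service; it is not the commenter's code. The shared secret value, the canonical string layout and the five-minute replay window are assumptions made for this example.

```csharp
// Added example: HMAC-SHA256 request signing between a web front end and a back-end
// service, one way to prove the caller holds a secret issued to it.
// Not from the original thread; the shared secret, canonical layout and 5-minute
// replay window are assumptions for this illustration.
using System;
using System.Security.Cryptography;
using System.Text;

public static class RequestSigner
{
    // Constructed placeholder secret. A real deployment issues one per caller out of band
    // and loads it from protected configuration, never from source code.
    private static readonly byte[] SharedSecret = Encoding.UTF8.GetBytes("placeholder-shared-secret");
    private const long MaxSkewSeconds = 300;

    // The signature covers method, path, a Unix timestamp and a hash of the body,
    // so none of them can be altered in transit without invalidating it.
    private static string Canonical(string method, string path, long unixTime, string body)
    {
        string bodyHash;
        using (var sha = SHA256.Create())
        {
            bodyHash = Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(body)));
        }
        return method.ToUpperInvariant() + "\n" + path + "\n" + unixTime + "\n" + bodyHash;
    }

    // Client side: compute the MAC the server will expect for this exact request.
    public static string Sign(string method, string path, long unixTime, string body)
    {
        using (var hmac = new HMACSHA256(SharedSecret))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(Canonical(method, path, unixTime, body)));
            return Convert.ToBase64String(mac);
        }
    }

    // Server side: reject stale or future-dated requests first (bounds replay),
    // then recompute the MAC and compare it in constant time.
    public static bool Verify(string method, string path, long unixTime, string body, string signature, long now)
    {
        if (Math.Abs(now - unixTime) > MaxSkewSeconds) return false;
        byte[] presented;
        try { presented = Convert.FromBase64String(signature); }
        catch (FormatException) { return false; }
        byte[] expected = Convert.FromBase64String(Sign(method, path, unixTime, body));
        if (presented.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= presented[i] ^ expected[i];
        return diff == 0;
    }

    public static void Main()
    {
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        string body = "{\"orderId\":1001,\"amount\":\"49.95\"}"; // constructed sample payload
        string sig = Sign("POST", "/api/orders", now, body);

        Console.WriteLine(Verify("POST", "/api/orders", now, body, sig, now));                                 // untouched request
        Console.WriteLine(Verify("POST", "/api/orders", now, body.Replace("49.95", "0.01"), sig, now));        // body altered after signing
        Console.WriteLine(Verify("POST", "/api/orders", now, body, sig, now + 3600));                          // same request presented an hour later
    }
}
```

The timestamp check only bounds replay to the skew window; a service that must reject duplicates inside that window would also record seen signatures (or a per-request nonce) for the window's duration. Run the signature check over TLS, since the MAC proves origin and integrity but does not hide the payload.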
kpt112 (Author) Commented:
Dear Padas,

Thanks for your opinion. I will continue to field answers.