Solved

Secure e-commerce Web Site

Posted on 2013-01-23
Last Modified: 2014-10-18
Hello,


I am looking for a good resource to help me build a secure e-commerce web site. What I am looking for in a book is:

1. How to send data securely from my web site back to my SQL database behind my firewall?
2. Architecture, proxy server, web service?
3. Best way to enroll and create users on the site.
4. I am not looking for a hosted solution (WordPress etc.).
5. I am looking for ASP.NET on the front and MS SQL on the back.

I did look at some Wrox books but I really can't get a feel for them unless I go to a book store.

Any recommendation of a good book or a web site resource would be appreciated.



Thanks for the help.
Question by:kpt112
6 Comments
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
ID: 38811344
Have you done anything with using a dynamic site in the past?

"Secure" means multiple things.

There is sending data over a secure connection using SSL, and for the most part it is that simple. You also need to understand one-way hashes to use as a key, and two-way encrypting and decoding.

Secure also means locking down your server to use minimal ports and not using plug-ins and add-ons you don't fully understand. Getting your site scanned on a quarterly basis. Anti-hacking software and practices.

Secure means storing your data where sensitive data does not get stored as clear text and is encrypted.

Secure means whether you are using $4 shared hosting vs. cloud vs. dedicated.

Most of what you want to do you can find online, and it will not be everything in one or five books.

My suggestion is to start building a play site where you can add/edit/search contacts. Next work on adding/editing/searching products. Then adding/editing/searching invoices. Now start adding/editing/searching manual payments. Lastly, sign up for a developer account with a payment gateway like authorize.net and use their sandbox to place fake charges.

Don't try and do everything all at once. Master one section to your satisfaction and go to the next. If a picture is worth a thousand words, getting your hands dirty is worth multiple books.

I have oversimplified what to work on, and you will see each portion has a lot more going on than meets the eye. As you build you will stumble, and each stumble will be a learning experience. Everybody learns differently, but there is a disconnect between reading about it and doing it.
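Scott's answer above separates one-way hashing (a password is checked, never read back) from two-way encryption (a stored field that must be read back later). The C# below is an added example for this thread, not code from Experts Exchange or from either participant, targeting ASP.NET on .NET Framework 4.5 or later. The class and method names (PasswordHasher, FieldCrypto, Program), the PBKDF2 iteration count, the sample password, the sample address and the demo keys are all assumptions made for the example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the thread. Hypothetical helpers for an ASP.NET
// (.NET Framework 4.5+) site: a one-way hash for passwords and authenticated
// two-way encryption for stored fields that must be read back later.
public static class PasswordHasher
{
    private const int Iterations = 100000; // PBKDF2 work factor; raise it over time

    // Returns "iterations.salt.hash" (Base64) so the parameters are stored with the record.
    public static string Hash(string password)
    {
        var salt = RandomBytes(16);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return Iterations + "." + Convert.ToBase64String(salt) + "." +
                   Convert.ToBase64String(kdf.GetBytes(32));
    }

    public static bool Verify(string password, string stored)
    {
        var parts = stored.Split('.');
        if (parts.Length != 3) return false;
        var salt = Convert.FromBase64String(parts[1]);
        var expected = Convert.FromBase64String(parts[2]);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, int.Parse(parts[0])))
            return FixedTimeEquals(kdf.GetBytes(expected.Length), expected);
    }

    public static byte[] RandomBytes(int count)
    {
        var bytes = new byte[count];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(bytes);
        return bytes;
    }

    // Touches every byte so the comparison time does not reveal where the first mismatch is.
    public static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class FieldCrypto
{
    private const int IvLen = 16, TagLen = 32;

    // AES-CBC with a fresh IV per record, then HMAC-SHA256 over IV + ciphertext
    // (encrypt-then-MAC), so a tampered record is rejected before it is decrypted.
    // Both keys come from the caller (protected config or a key store), never from source.
    public static string Encrypt(string plaintext, byte[] encKey, byte[] macKey)
    {
        using (var aes = new AesCryptoServiceProvider { Key = encKey })
        {
            aes.GenerateIV();
            var input = Encoding.UTF8.GetBytes(plaintext);
            byte[] body;
            using (var enc = aes.CreateEncryptor())
                body = aes.IV.Concat(enc.TransformFinalBlock(input, 0, input.Length)).ToArray();
            using (var hmac = new HMACSHA256(macKey))
                return Convert.ToBase64String(body.Concat(hmac.ComputeHash(body)).ToArray());
        }
    }

    public static string Decrypt(string encoded, byte[] encKey, byte[] macKey)
    {
        var data = Convert.FromBase64String(encoded);
        if (data.Length < IvLen + TagLen) throw new CryptographicException("record too short");
        var body = data.Take(data.Length - TagLen).ToArray();
        var tag = data.Skip(data.Length - TagLen).ToArray();
        using (var hmac = new HMACSHA256(macKey))
            if (!PasswordHasher.FixedTimeEquals(hmac.ComputeHash(body), tag))
                throw new CryptographicException("record failed integrity check");
        using (var aes = new AesCryptoServiceProvider { Key = encKey, IV = body.Take(IvLen).ToArray() })
        using (var dec = aes.CreateDecryptor())
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, IvLen, body.Length - IvLen));
    }
}

public static class Program
{
    public static void Main()
    {
        var record = PasswordHasher.Hash("correct horse battery staple");
        Console.WriteLine(PasswordHasher.Verify("correct horse battery staple", record));
        Console.WriteLine(PasswordHasher.Verify("wrong password", record));
        // Constructed demo keys; a real site loads them from a protected source, not source code.
        byte[] encKey = PasswordHasher.RandomBytes(32), macKey = PasswordHasher.RandomBytes(32);
        var stored = FieldCrypto.Encrypt("12 Example Street, Springfield", encKey, macKey);
        Console.WriteLine(FieldCrypto.Decrypt(stored, encKey, macKey));
    }
}
```

The design point is that the two kinds of data get two different primitives: a password record holds only the salt and a slow one-way hash, so a leaked table does not yield passwords, while an address record is encrypted with a key the database never sees and carries an integrity tag, so a modified row fails verification instead of decrypting to garbage. The verification paths both use a fixed-time comparison so that response timing does not leak how many bytes matched.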
 

Author Comment

by:kpt112
ID: 38811406
Dear Padas,


I am looking for some resources, not necessarily an opinion. I will be hosting the solution in my DMZ and creating the link between the web server and the SQL server. My concern is how to connect to the database safely; storing a connection string on a web server seems foolish to me. I want to know how to harden the connection using the most secure method possible.
 
LVL 52

Assisted Solution

by:
Scott Fell, EE MVE earned 500 total points
ID: 38811601
I think everything is an opinion. Ask 10 people and you will get some good arguments for multiple ways.

Storing a connection string on the server is not any less secure than having a web service. If your server is hacked into as far as getting admin access, it does not matter if you have a connection string or not.

But I do agree with you. I have been converting anything new to a web service so it will not matter if I am accessing via a website or native mobile. http://blogs.msdn.com/b/mds/archive/2010/02/09/getting-started-with-the-web-services-api-in-sql-server-2008-r2-master-data-services.aspx

http://codebetter.com/raymondlewallen/2005/06/24/create-a-web-service-directly-from-sql-server-2005-using-an-http-endpoint/

I create my own keys using hashes and other data to prove the entity hitting the service is what I expect. I learned this from how payment gateways handle data. After using multiple payment gateways, I came up with my own solutions. Any book you read is going to be an opinion of that author. We all learn in different ways. When I started, I did a lot of reading as you are looking for, but how I work now I couldn't have taken from any one book. Online articles, help sites like this, reading problems others are having on multiple help sites, then applying all that to my own work. E-commerce related to CRM, products and events is what I specialize in.

Not knowing where you are, I assume by the question you are just starting out. I'm sorry if this is a wrong assumption. But if you are, my point is this can be more overwhelming than you think once you get into each aspect. It is best to break it down and work on each bit. But that is what worked for me.

Hopefully there will be others that chime in with some good advice for you.
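kpt112's worry is the connection string sitting on the web server; Scott's reply is a web service in front of SQL whose callers prove themselves with keyed hashes. The C# below is an added example written for this thread, not code from either participant or from the two linked Microsoft/CodeBetter articles, and it shows both halves on .NET Framework 4.6 or later: a request signer and verifier using HMAC-SHA256 with a timestamp window, and a data-access method that takes its connection string from the connectionStrings section of web.config by name and never embeds user input in SQL text. The names StoreDb, RequestSigner, CustomerRepository, dbo.Orders, the path /api/orders/count, the server name SQL01 and the demo secret are assumptions; the project needs a reference to System.Configuration.dll.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the thread or the linked articles. The web tier holds
// only the name of a config entry (the section itself can be encrypted with
// aspnet_regiis -pef), and a web service in front of SQL checks a keyed hash on each
// request. "StoreDb", RequestSigner, CustomerRepository and dbo.Orders are hypothetical.
public static class RequestSigner
{
    private const int MaxSkewSeconds = 300; // reject requests whose timestamp is stale

    // Caller side: HMAC-SHA256 over method, path, timestamp and body with a shared secret.
    public static string Sign(byte[] secret, string method, string path, long unixTime, string body)
    {
        var canonical = method + "\n" + path + "\n" + unixTime + "\n" + body;
        using (var hmac = new HMACSHA256(secret))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(canonical)));
    }

    // Service side: bound the timestamp, recompute, and compare in constant time.
    public static bool Verify(byte[] secret, string method, string path, long unixTime,
                              string body, string signature, long nowUnixTime)
    {
        if (Math.Abs(nowUnixTime - unixTime) > MaxSkewSeconds) return false;
        byte[] actual;
        try { actual = Convert.FromBase64String(signature); }
        catch (FormatException) { return false; }
        var expected = Convert.FromBase64String(Sign(secret, method, path, unixTime, body));
        if (actual.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expected[i];
        return diff == 0;
    }
}

public static class CustomerRepository
{
    // Hypothetical web.config entry that the method reads by name:
    //   <connectionStrings>
    //     <add name="StoreDb" connectionString="Data Source=SQL01;Initial Catalog=Store;Integrated Security=SSPI" />
    //   </connectionStrings>
    // Integrated Security means no SQL password is stored anywhere; the application pool
    // identity is granted only the rights it needs on the Store database.
    public static int CountOrdersForEmail(string email)
    {
        var settings = ConfigurationManager.ConnectionStrings["StoreDb"];
        if (settings == null) throw new ConfigurationErrorsException("StoreDb connection string missing");
        using (var conn = new SqlConnection(settings.ConnectionString))
        using (var cmd = new SqlCommand("SELECT COUNT(*) FROM dbo.Orders WHERE Email = @Email", conn))
        {
            // Parameterised, so the caller's input never becomes part of the SQL text.
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email;
            conn.Open();
            return (int)cmd.ExecuteScalar();
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed demo values; a real shared secret is provisioned out of band, never in code.
        var secret = Encoding.UTF8.GetBytes("demo-shared-secret-not-for-production");
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        const string path = "/api/orders/count";
        string body = "{\"email\":\"buyer@example.com\"}";
        string sig = RequestSigner.Sign(secret, "POST", path, now, body);

        Console.WriteLine(RequestSigner.Verify(secret, "POST", path, now, body, sig, now));        // genuine request
        Console.WriteLine(RequestSigner.Verify(secret, "POST", path, now, body + " ", sig, now));  // altered body
        Console.WriteLine(RequestSigner.Verify(secret, "POST", path, now, body, sig, now + 600));  // replayed later
        // CountOrdersForEmail is not called here: it needs a reachable SQL Server and the config entry.
    }
}
```

With the entry in place, the connectionStrings section can be encrypted on the web server with `aspnet_regiis.exe -pef "connectionStrings" <physical path of the site>` (the path is whatever the site is deployed to); the section is protected with DPAPI, so it only decrypts on that machine and the file on disk no longer shows the server name or catalog. Combined with Integrated Security there is no SQL password anywhere in the web tier. As Scott says, none of this helps once an attacker already has administrator access to the web server; what it does is keep a copied web.config, a leaked backup or a stray source-control commit from handing over database access.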
 

Author Comment

by:kpt112
ID: 38811667
Dear Padas,

Thanks for your opinion. I will continue to field answers.