Go Premium for a chance to win a PS4. Enter to Win


Secure e-commerce Web Site

Posted on 2013-01-23
Medium Priority
Last Modified: 2014-10-18

I am looking for a good resource to help me build a secure e-commerce web site. What I looking for in a book is.

1. How to send data securely from my web site back to my SQL database behind my firewall?
2. Architecture, Proxy Server, web service?
3. Best way to enroll and create users on the site.
4. I am not looking for a hosted solution, (word press etc)
5. I am looking for ASP.Net on the front and MS SQL on the back.

I did look at some Wrox books but I really can't get a feel for them unless I go to a book store.

Any recomendation from a good book or a web site resource would be appreciated.

Thanks for the help.
Question by:kpt112
  • 2
  • 2
LVL 54

Accepted Solution

Scott Fell,  EE MVE earned 2000 total points
ID: 38811344
Have you done anything with using a dynamic site in the past?

"Secure" means multiple things.  

There is sending data over a secure connection using ssl and for the most part it is that simple.  You also need to understand one way hash's to use as a key, 2 way encrypting and decoding.

Secure also means locking down your server to use minimal ports and not using plug ins and add ons you don't fully understand.  Getting your site scanned on a quarterly basis.  Anti hacking software and practices.

Secure means storing your data where sensitive does not get stored as clear text and is encrypted.

Secure means if you are using a $4 shared hosting vs could vs dedicated.

Most of what you want to do you can find online and it will not be everything in one or five books.  

My suggestion is to start building a play site where you can add/edit/search contacts.    Next work on adding/editing/searching products.   Then adding/editing/searching invoices.   Now start adding/editing/searching manual payments.  Lastly, sign up for a developer account with payment gateway like, authorize.net and use their sandbox to place fake charges.

Don't try and do everything all at once. Master one section to your satisfaction and go to the next.  If a picture is worth a thousand words, getting your hands dirty is worth multiple books.  

I have over simplified what to work on and you will see each portion has a lot more going on than meets the eyes.  As you build you will stumble and each stumble will be a learning experience.   Everybody learns differently, but there is a disconnect to reading about it and doing it.

Author Comment

ID: 38811406
Dear Padas,

I am looking for some resources not necessarily an opinion. I will be hosting the solution on my DMZ and creating the link between the web server and the SQL server. My concern is how to connect to the database safely, Storing a connection string on a web server seems foolish to me. I want to know how to harden the connection using the securest method possible.
LVL 54

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 2000 total points
ID: 38811601
I think everything is an opinion.  Ask 10 people and you will get some good arguments for multiple ways.  

Storing a connection string on the server is  not any less secure then having a web service.  If your server is hacked into as far as getting admin access, it does not matter if you have a connection string or not.

But I do agree with you.  I am have been converting anything new as a web service so it will not matter if I am accessing via as website or native mobile.    http://blogs.msdn.com/b/mds/archive/2010/02/09/getting-started-with-the-web-services-api-in-sql-server-2008-r2-master-data-services.aspx  


I create my own keys using hashes and other data to prove the entity hitting the service is what I expect.  I learned this from how payment gateways handle data.   After using multiple payment gateways, I came up with the my own solutions.  Any book you read is going to be an opinion of that author.  We all learn in different ways.   When I started, I did a lot of reading as you are looking for, but how I work  now I couldn't have taken from any one book.  Online articles, help sites like this, reading problems others are having on multiple help sites then applying all that to my own works.   Ecommerce related to CRM, Products and Events is what I specialize in.  

Not knowing where you are, I assume by the question you are just starting out. I'm sorry if this is a wrong assumption.  But if you are, my point is this can be more overwhelming then you think once you get into each aspect.   It is best to break it down and work on each bit.  But that is what worked for me.  

Hopefully there will be others that chime in with some good advice for you.

Author Comment

ID: 38811667
Dear Padas,

 Thanks for your opinion. I will continue to field answers.

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transparency shows that a company is the kind of business that it wants people to think it is.
"Disruption" is the most feared word for C-level executives these days. They agonize over their industry being disturbed by another player - most likely by startups.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question