Without doubt Everyone,
New to the forums here. I’m searching for feedback from designers and web developers who freelance or be employed by companies who create sites for customers.
Have you observed customers asking about security How do you certify to customers the site you build is secure, specifically e-commerce sites
Virtually any tips
Thank you!
You’re not likely to find a great deal of information on this kind of topic, just because lots of people will keep its security measures secret (and with great reason). But locations of the stuff I do.
SSL. Should you be collecting sensitive facts, you need a single. This isn’t sometimes up for issue, either… most payment processors require one (assuming you collect payments against your site in contrast to redirecting users to a hosted payment page).
Encrypt sensitive data on the server side. In a health club prefer Triple DES encryption because it’s what the particular payment processors make use of, but that’s simply just me. It’s also possibly not my only way of security.
Don’t store plastic card info. The final four digits is usually fine, but storing the remaining info is asking for trouble. If you never store it, you’re not liable if the actual customer’s card is actually hacked.
Let your cost processor check over your blog before it moves live. This is any requirement with a lot of payment processors when they want to assure you’re protecting individual data, but if it isn’t, then do this anyway.
, underneath any circumstances, use an open source cart, whether it’s no cost or paid unless you’re prepared to heavily customize it to avoid security breaches (in which often case, you might as well build your private scratch cart anyway). They are the ones hackers love for the reason that reward is greater with the effort involved.
The other cause of a scratch cart is that a majority of products require some customization and thus your cart should be able to allow for this. But that’s not security therefore.
Have a hacker endeavor to hack the cart if you can. This is difficult, though… you have to trust the hacker enough to see you what it truly is (s)he saw, yet you also have to hire a hacker that has a high degree regarding ability. I wouldn’t worry an excessive amount of about this 1, though.
Exciting. Would you consider the information i collect within the free forum order forum being sensitiv info
Do you think you’re collecting credit card info Or, I’d say " fewer sensitive"… you do not have to use an SSL, but it should be stored in some sort of database with some form of a password program.
There can be no database. (I have to have help making a single lol)… the form is merely emailed to my own hotmail.
There probably ought to be. Why would people not automate accomplishing this of forum creation Why take action all manually when you won’t have to
I would love to automate the community forum creation process. I just have no clue how to get it done!
It would involve:
-Creating a folder to the forum
-Creating the subdomain to level to it
-Install MyBB
-Make my personal " shovenose" admin account on the forum
-Make the MySQL database
-Set the cookie paths properly
How would I go about doing that
You should have to prepare a script to try and do all of this. What I would do generally speaking is to make a file for each of those steps and then have that document called using a include. Make sure step 1 works, then continue to step ONLY TWO. Then 3, SEVERAL, 5, and A FEW.
At this point, how you achieve that… well, I have no idea because PHP can be my " third" server-side terms behind ASP and. NET. But what We’d suggest is provide this out, see how far you can receive, and then request help on others of it. Mare will be able to help you, if no one else can.
I am going to create a seperate line abot it.
I do believe security goes a long way beyond just SSL. For example, how do a person protect against widespread attacks like shots, or XSS Relating to found most developers don’t have a tendency to code securely, and am asking yourself if customers have been demanding this currently or also don’t tend considering it.
Thus far, I have found that most end customers don’t seem to understand security, but that’s something I would really prefer to change
also to the forum question, receptive or not, you need to be careful about people today injecting viruses into your forum. Keeping an wide open source forum current usually prevents recognized attacks, but new attacks which come out may hit your site now and then. Patching in this particular case is crucial.
I’ve kind of built it in my code because I went around, so I don’t think about it. Relating to functions and subs which have been designed to create queries that reduce against that form of thing and it is never (knock on wood) happened to my advice.
TheGame, maybe you have considered security checking your site(s) or seeing whenever they are vulnerable utilizing an automated tester
Had it done to me on a couple of occasion so I aren’t required to, including once by way of major Canadian financial institution. They sent a new hacker that used an instrument that I jammed up much that he could not even identify my own server OS (I’m not really talking the edition, I’m talking this type).
Therefore to answer your question, no, MY SPOUSE AND I haven’t.