Php – Advice on making sure e-commerce site is secure using PHP and MySQL

Tags: database, e-commerce, MySQL, PHP, Security

Like the title says, I would like some advice from knowledgeable web developers on figuring out security issues for my e-commerce site.

I am designing the database as well as the code that communicates with the database to make changes, etc. I have a few questions, but in general I would like a good checklist on what to do to make the security pretty tight, seeing as I will be dealing with credit cards. I will not be storing credit card numbers. Links to good places would be helpful.

My main concern is keeping the database secure. I am pretty new to web development, and I am just concerned about that.

I do have a question about the design of a database used for online transactions. Is there a better way to make the schema than to just put all the user info into one table: ex.

customer(customerid, firstname, lastname, username, password,
         address, city, country, zipcode)

Would it be better to store user credentials in another table and link them with the customerid? Sorry if I am not getting too specific, but I am new to web development and mainly have experience in offline programming. Again my main concern is security issues. If anyone has a great article on security, that would do just fine as well. Thanks for your time!
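An added example (my own code, not from the question or the answer) of the split the question proposes: profile data in `customer`, login credentials in a separate `customer_credential` table keyed by `customerid`, the password kept only as a hash, and every query going through PDO prepared statements. The table and column definitions, and the `registerCustomer` and `verifyLogin` functions, are assumptions for illustration; `SCHEMA_SQL` is meant to be run once when the database is created.

```php
<?php
// Added example, not the original poster's code. Assumes MySQL reached through PDO.
// Profile data and login credentials are kept in separate tables linked by
// customerid; only a password hash is stored, and no card numbers anywhere.
const SCHEMA_SQL = <<<'SQL'
CREATE TABLE IF NOT EXISTS customer (
    customerid INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    firstname VARCHAR(100) NOT NULL, lastname VARCHAR(100) NOT NULL,
    address VARCHAR(255) NOT NULL, city VARCHAR(100) NOT NULL,
    country CHAR(2) NOT NULL, zipcode VARCHAR(20) NOT NULL
) ENGINE=InnoDB;
CREATE TABLE IF NOT EXISTS customer_credential (
    customerid INT UNSIGNED PRIMARY KEY,
    username VARCHAR(64) NOT NULL UNIQUE,
    password_hash VARCHAR(255) NOT NULL,
    FOREIGN KEY (customerid) REFERENCES customer (customerid) ON DELETE CASCADE
) ENGINE=InnoDB;
SQL;

// Inserts both rows in one transaction so a customer never exists without
// credentials. Every value is a bound parameter, never concatenated into SQL.
function registerCustomer(PDO $db, array $p, string $username, string $password): int
{
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO customer (firstname, lastname, address, city, country, zipcode)
                      VALUES (?, ?, ?, ?, ?, ?)')
           ->execute([$p['firstname'], $p['lastname'], $p['address'],
                      $p['city'], $p['country'], $p['zipcode']]);
        $id = (int) $db->lastInsertId();
        // password_hash() applies a salted, slow algorithm (bcrypt by default).
        $db->prepare('INSERT INTO customer_credential (customerid, username, password_hash) VALUES (?, ?, ?)')
           ->execute([$id, $username, password_hash($password, PASSWORD_DEFAULT)]);
        $db->commit();
        return $id;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Returns customerid on success, null otherwise; unknown user and wrong password
// take the same path so the response does not reveal which one failed.
function verifyLogin(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT customerid, password_hash FROM customer_credential WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['customerid'];
}
```

The application's database account should have only INSERT/SELECT/UPDATE rights on these tables, not the DDL privileges needed to run `SCHEMA_SQL`.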

Best Answer

I'm not sure that this is something you'd want to get into for a live site - for a hobbyist project, it would be fun and a great learning experience. If you miss one simple thing in a front-facing e-commerce website, your entire customer base could be compromised, and that's irreversible damage.

Like the others, working with one of the existing platforms (and making sure it is updated constantly) is a better idea if you're going to be deploying this on a live site. You should be familiar with PCI-DSS Compliance, which is a way to better protect your customer base from potential attacks.

I've personally worked quite a bit with Magento - for academic purposes, you should take a look at their schema and overall structure. The architecture is very interesting and the database structure is vast. I believe it is pretty PCI-DSS compliant out of the box, though I haven't deployed it recently.
