Security for an auction site
Posted: Fri Sep 24, 2004 7:19 am
I am currently building an auction site and am seriously thinking about the security I should employ.
I have a few questions.
1) Obviously I will be behind an SSL environment for the site, but is it only needed for logging in and when inputting / sending sensitive information such as payment details, or should I put the whole site behind SSL?
2) For cookies, would you recommend a checksum for each cookie which is validated against a database? This way I wouldn't need to store the password in the cookie and could validate against the checksum and username combo.
3) Sessions: is there anything I should do out of the ordinary?
4) URLs: I currently use URLs like this: "item.php?id=3243"
Should I be doing it another way, as I see sites like MSN (high security sites) utilise a much longer gobbledygook string?
I think that's it, any replies would be great.
Mal
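
The cookie scheme from question 2, sketched as an added example that is not part of the original post: the "checksum" is taken here to be a random token whose hash is kept server-side, so the cookie carries nothing derived from the password. The function names, the in-memory `$db` array standing in for a database table, and the 14-day lifetime are assumptions made for illustration.

```php
<?php
// Added example. $db is an in-memory array standing in for a database table
// keyed by username (hypothetical; a real site would use its own schema).

function issue_login_cookie(array &$db, string $username, int $ttl = 1209600): string
{
    $token = bin2hex(random_bytes(32));           // random, unrelated to the password
    $db[$username] = [
        'token_hash' => hash('sha256', $token),   // only a hash of the token is stored
        'expires'    => time() + $ttl,
    ];
    // Hex token first, so a ':' inside the username cannot confuse parsing.
    return $token . ':' . $username;
}

function validate_login_cookie(array &$db, string $cookie): ?string
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                              // malformed cookie
    }
    [$token, $username] = $parts;
    $row = $db[$username] ?? null;
    if ($row === null) {
        return null;                              // unknown user or already revoked
    }
    if ($row['expires'] < time()) {
        unset($db[$username]);                    // expired: drop the server-side record
        return null;
    }
    // Constant-time comparison of the stored hash with the presented token's hash.
    return hash_equals($row['token_hash'], hash('sha256', $token)) ? $username : null;
}

// Constructed demonstration values.
$db = [];
$cookie = issue_login_cookie($db, 'mal');
// On a real page the value would be sent with:
// setcookie('login', $cookie, ['expires' => time() + 1209600, 'secure' => true, 'httponly' => true]);
var_dump(validate_login_cookie($db, $cookie));                       // genuine cookie
var_dump(validate_login_cookie($db, str_repeat('0', 64) . ':mal'));  // forged checksum
unset($db['mal']);                                                   // logout revokes the record
var_dump(validate_login_cookie($db, $cookie));                       // same cookie after logout
```

Because the record lives in the database, deleting it invalidates the cookie immediately, regardless of the expiry date the browser holds.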