Commerce Site Advice

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

paqman
Forum Contributor
Posts: 125
Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada

Post by paqman »

I'm designing a website for a client to sell prints of photos online. I've created a number of PHP sites already, and have taken a few programming classes, so I'd like to think my coding is fairly decent. However, I haven't had any formal PHP training - it's all been off the internet. The site has an SSL certificate and is pretty secure.

My question is about processing payments. PayPal offers the option of sending visitors to their site and dealing with it all, or adding code to your site so the payment goes to them, but you can keep all the data yourself. I'm wondering if it would be a huge security risk to take on making my own shopping cart system, as well as a database for storing it all. Like I said, the code is pretty damn secure, but it's all self-taught. Advice would be greatly appreciated (as well as articles on this topic). Thanks.
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Commerce Site Advice

Post by Christopher »

Either way should be fine, but do not store credit card numbers in your database. As long as you leave the actual credit card information all on the PayPal site you should be ok.

Also, I would suggest not thinking that your site is "pretty secure." Hackers know more about exploits than you can ever know, so stay very paranoid. Assume you can get hacked and try to limit the possible damage at every turn.
(#10850)