Web site security

Question
Web site security can be complicated. Most hobbyist web designers prefer not to think about it. They rent their web space and decide that security is the host's problem. Then they stick their fingers in their ears with a la-la-la-la-la-I-can't-hear-you attitude.
Web site security is important from two perspectives: the buyer and the seller.
With buyers, perception is all. It doesn't matter how secure your site is if it doesn't look secure to the buyer.
The easiest and best way to understand what buyers expect is to keep up with what they are reading on the net. Here are a couple of articles from Microsoft about safe online buying:
http://www.microsoft.com/windows/ie/.../shopping.mspx
http://www.microsoft.com/windows/ie/...ingsafety.mspx
A good webmaster should be confident that the information contained in articles like these doesn't throw up roadblocks for his customers.
From the seller's perspective, the most worrisome part is keeping information safe from hackers. Here's a very good article about the two most common web site hacks, injection and insertion attacks. For those with little or no knowledge of scripting language, the reading might be rough going, but it's worth your time. Skip the specific code examples, and absorb the general principles.
Start here: http://www.pdweb101.com/security/tra..._security.html and read the next few pages. This site is geared toward law enforcement databases, but the principles are the same for any database website. The information is by no means comprehensive, but it's enough to stop the casual hacker.
Two more things you should do:
1. Keep the database out of the public section of the website, even if you think no one can find it. Better to keep it one step removed if possible. Keep sensitive information, like CC information, encrypted.
2. Make the effort to craft custom error pages. The generic error pages provided by the server software can give away enough information that a hacker knows which attacks might work on your site.
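An added example, not part of the original post or the linked article, showing the two seller-side points together: a query that binds user input as data, and a custom error page that keeps database details in the server log. Python with SQLite is an assumption chosen so the example runs offline; all function names and the sample data are hypothetical.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("shop")
GENERIC_PAGE = "Sorry, something went wrong. Quote reference {ref} to support."

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, city TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("O'Brien", "Cork"), ("Smith", "Leeds")])
    return db

def lookup_unsafe(db, name):
    # Input is pasted into the SQL text, so a quote in the name alters the statement.
    sql = "SELECT city FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, name):
    # Placeholder binding: the driver passes the name as data, never as SQL.
    return db.execute("SELECT city FROM customers WHERE name = ?", (name,)).fetchall()

def default_error_page(exc):
    # What a generic server error page tends to show: the raw exception text.
    return f"500 Internal Server Error: {type(exc).__name__}: {exc}"

def custom_error_page(exc):
    # Details go to the server log; the visitor sees only a reference ID.
    ref = uuid.uuid4().hex[:8]
    log.error("ref=%s %s: %s", ref, type(exc).__name__, exc)
    return GENERIC_PAGE.format(ref=ref)

def handle(db, lookup, render_error, name):
    # Minimal request handler: run the lookup, render a page either way.
    try:
        rows = lookup(db, name)
        return "200 " + (rows[0][0] if rows else "not found")
    except sqlite3.Error as exc:
        return render_error(exc)

if __name__ == "__main__":
    db = make_db()
    # An ordinary surname with an apostrophe is enough to break the unsafe query.
    print(handle(db, lookup_unsafe, default_error_page, "O'Brien"))
    print(handle(db, lookup_unsafe, custom_error_page, "O'Brien"))
    print(handle(db, lookup_safe, custom_error_page, "O'Brien"))
```

The first line printed names the database exception and the point where parsing failed, the second shows only the reference ID, and the third returns the customer's city because the bound parameter is never parsed as SQL.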

Answer
I'm brain fried!
Thanks for sharing the article. I'm trying to assimilate the important parts.
To show you what a novice I am, could you tell me what php stands for?
Thanks Jayne!

Answer
PHP, oddly enough, stands for "PHP: Hypertext Preprocessor".
© 2007 www.aqcollection.com