|
-
August 14th, 2003, 11:46 PM
#1
Member
online business
my uncle is starting a web page programmed in cold fuson and im worried about hackers. i think he is going to get hacked quite frequently because of the content of the web site. He sends people movies to their account and i was wondering if there was any cryptology programs that work(or dont work) to keep accounts from getting stolen and for keeping peoples privacy.
You laugh because im different, i laugh because your all the same.
-
August 14th, 2003, 11:51 PM
#2
Senior Member
you could use SSL encryption if his server allows it
-
August 15th, 2003, 12:06 AM
#3
Encryption is 1 thing that should be looked into... But there are also many other aspects that need to be explored?
What customer details are going to be collected?
Where are these details going to be stored? (ie. on the Webserver, or a backend server).
What webserver are you running, and what is the OS?
You need to ensure that your own ass is covered, as you are potentially storing information that, if effect, doesnt belong to you. If this info get stolen or compromised, you can be held responsible.
You also need harden the Webserver and the OS Platform... Who is going to buy online from a webserver that has a main page of "Haxx0r3d 6y +h3 133+ Cr3\/\/"???
SoggyBottom.
[glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]
-
August 15th, 2003, 04:07 AM
#4
you could use SSL encryption if his server allows it
You mean, Website Admin.
Just like what SoggyBottom said don't have a page, that has "Hack" or "Leet" in it, because it tends to be "hacked" more offen then Movies.com, and so on.
-
August 15th, 2003, 12:07 PM
#5
also you can get third part companies that will handle all credit card transactions for you - that way no customer details are storred on your server so your unkle would not be liable if someone did get hold of any of them - also these companies would be able to do verification checks etc to ensure that the crads people are using are valid so he aint getting swindled either
v_Ln
-
August 15th, 2003, 02:39 PM
#6
Storing user data on a web server is a bad idea, just as storing unencrypted credit card information on your database is a bad idea. If you are doing online transactions you are best off trying to get a cc processor to do real time auth's for you and never storing anything more than a hash of the cc# or a first 4/last 4 span of the number for auditing/reporting purposes.
There is an excellent book on the subject of building an e-commerce system called: Designing Systems for Internet Commerce, Second Edition.
It runs you through everything you'll need to know.
Another book to check out is :Web Security, Privacy & Commerce, 2nd Edition by oreilly.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
