How to make site secure?

boots_babe · 30 May 2006 at 5:57PM

Hi everyone,

Apologies if this is a stupid question... I'm setting up my own website and need to ensure it is secure. For taking payments I'll look into WorldPay etc so I am not concerned about that.

However, I need to ensure that my database is secure - how do I go about that? I already have an outline of the functionality I've written using Perl CGI, but could rewrite to Java if necessary. I am happy with writing the functionality for what I need, but need to be sure that all transactions with the database are secure as I wouldn't want expose any personal data!

Can anyone point me in the right direction as not sure where to start, never done anything with security before.

Thanks.

Darksun · 30 May 2006 at 8:19PM

Google for 'secure perl', there are some good guides to writing secure code with perl. Also make sure you keep up to date with all security patches for software on your server.

hobo28 · 30 May 2006 at 8:21PM

If you can, run the database on another server which cannot be accessed via the Internet. Then if your web server is compromised, the contents of the database is still secure on another server.

Astaroth · 30 May 2006 at 8:22PM

Are you talking about secure as in "password protected" or are you talking about a https:// encrypted/secure connection?

boots_babe · 30 May 2006 at 8:43PM

Thanks for the quick replies. In reply to Astaroth, I guess I'll need both, although I suppose that whichever db server I use will have a password anyway. I am really after making sure that anywhere that users input personal data e.g. whist registering a new account or logging in, whilst that is transmitted to the database it is secure.

I'll also need to have a secure login to the website so that users can access their account, although I'm hoping that'll be fairly easy to sort out with a bit of research.

I will have a look for 'secure perl' on Google and see what I can come up with.

Thanks again.

Astaroth · 30 May 2006 at 8:58PM

So what you need is a webhost that offers SSL space. Some will allow you to share a security certificate with other sites on their server but this can mean the user gets a warning that there is a mismatch between the certificate and your site. The other option is to pay for your own certificate. This will encrypt the data going from your site to the end user and again when the user enters their details and submits it to your site. Most places charge in the region of £75 a year for this.

CGI is a fairly outdated technology though, if you know java then JSP would probably be a better route though hosting for it is much rarer than PHP or ASP/ ASP.Net and therefore more expensive.

boots_babe · 30 May 2006 at 9:10PM

Thanks again Astaroth. I originally wrote it in Perl just for fun really, because I had done a few Perl scripts at work and wanted to see if I could do my site in that, rather than Java. But now that I am looking to set up a web site to make some money and am serious about it, I can rewrite if this is more sensible.

Sounds like you're saying hosting for PHP would be cheaper than JSPs? I will have to look into that as I am not against using a new language if it is best in the long run. Is there any particular reason I shouldn't use Perl CGI, other than it being somewhat old?

Hope you don't think I sound too hopeless, I have a general idea of web pages but not so much of details like this. I appreciate your help

Astaroth · 30 May 2006 at 9:21PM

PHP & MySQL are the most common combination on the net and are very cheap when it comes to hosting. As someone who knows Java/ perl it shouldnt be too big a move. Perl/ CGI wasnt really made for the web and is now seen as a dying technology. PHP was originally based on perl/CGI but as effectively a rewrite to make it more web friendly.

I cant go into too much more detail as I was always a VB/ VBScript person and so went down the ASP route and now do ASP.Net - .Net is a very good frame work and can in theory be written in any language but by default the MS servers support VB and C# (if you went down this route and dont know either certainly go for C#)

boots_babe · 30 May 2006 at 9:31PM

Thanks for that reply, you've been really helpful. Since my last post I've started looking into PHP and I certainly see what you mean about the costs involved! I think it's looking already as though this may be the way to go. I'll look into it some more and take it from there.

Thanks again.

Astaroth · 30 May 2006 at 9:33PM

If you looking at hosting I would recommend dataflame.co.uk as having a good balance between performance and price with strong after sales support. They offer both windows and linux hosting so can do either PHP or ASP/ ASP.net which ever your choice is.

I havent used their SSL though so cannot comment on their solution for that.

wolfman · 30 May 2006 at 9:51PM

Astaroth wrote:

PHP & MySQL are the most common combination on the net and are very cheap when it comes to hosting.

In terms of bluechips .Net is the most common. I think out of the fortune 1,000 something like 60-70% use IIS and ASP or .Net.

PHP/MySql is still a very good platform to develop with. Namely due to the cheaper hosting and free applications that surround it.

I personally use .Net professionally. It's very easy to get into as there are an array of free tools such as Visual Studio Express, Visual Sql Server Express, Codesmith v2.6 and nUnit that can make developing feature rich applications very quick and easy.

The only draw back is that you're restricted to a Microsoft platform and IIS. Having said that though, there are ways of getting Apache to run .Net and there is a project (Mono) that allows .Net development on Linux and Mac's.

How to make site secure?

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free