most secure web programming language?

Mar 3, 2008 | 08:24 PM  #1  DetailAddict (Thread Starter)

So my current site is PHP based w/ MySQL as well. If I want to implement some online shopping cart stuff, what is the best way to go about it?

Should I start from scratch? If yes, what language is most secure? If not, are there any modules I can download/purchase/use?

Leo
Mar 3, 2008 | 08:31 PM  #2  DetailAddict (Thread Starter)
Looks like my web server provides these for free... any good?

Originally Posted by CubeCart
Short description: An easy to use yet powerful shopping cart featuring unlimited categories and products, multiple payment gateways, downloadable products. The design is very easy to modify.
Homepage: http://www.cubecart.com/

CubeCart support forum
(We are not associated with the support forum)

Purchase license to remove copyright:
https://www.cubecart.com/site/purchase/

New Installation (3.0.17)
Disk space required: 9.23 MB
Disk space available: 349539.5 MB
Originally Posted by OS Commerce
Short description: A power-user shopping cart with a big variety of modules and support of almost every payment gateway. A big developers community is ready to offer custom solutions depending on your needs.
Homepage: http://oscommerce.com/

OS Commerce support forum
(We are not associated with the support forum)


buySAFE

buySAFE Description: The buySAFE module is included with this version of osCommerce. buySAFE is free for online merchants to use. buySAFE will provide you with an explicit third-party endorsement of merchant reliability and trustworthiness, backed by a bond guarantee. buySAFE has been proven to increase buyer confidence by providing Certified Merchants with the buySAFE Seal for display on their website and by enabling shoppers to guarantee their purchase with a bond. Install the latest version of osCommerce to gain access to the free buySAFE module.
Homepage: http://www.buysafe.com/offer_osc

Notice: 2.2 MS2 (060817) with buySAFE includes the buySAFE module as described here.

Warning: buySAFE is not compatible with either safe_mode or open_basedir. Please see the following page for more details: http://techsupport.buysafe.com/

New Installation (2.2 Release Candidate 2a + buySAFE)
Disk space required: 6.96 MB
Disk space available: 349539.5 MB
Originally Posted by Zen Cart
Short description: Zen Cart truly is the art of e-commerce; a free, user-friendly, open source shopping cart system. The software is being developed by a group of like-minded shop owners, programmers, designers, and consultants that think e-commerce could be and should be done differently.
Homepage: http://www.zen-cart.com/

Zen Cart support forum
(We are not associated with the support forum)

The developers of Zen Cart are thankful for any donation which will ensure the further development of this application.

New Installation (1.3.8a)
Disk space required: 14.52 MB
Disk space available: 349539.5 MB
Mar 3, 2008 | 08:55 PM  #3  ldivinag
what is the issue?

er... what part are you most concerned about? credit card info?

any language can be hacked.

any server can be hacked.

what makes a great server is how the programmer implements everything...
Mar 3, 2008 | 08:58 PM  #4  DetailAddict (Thread Starter)
yeah, I guess CC info is my biggest concern...

So there is a *possibility* of me selling *something* and just want to make sure things are nice and secure, namely CC and customer info.

Leo

Originally Posted by ldivinag
what is the issue?

er... what part are you most concerned about? credit card info?

any language can be hacked.

any server can be hacked.

what makes a great server is how the programmer implements everything...
Mar 3, 2008 | 09:00 PM  #5  DetailAddict (Thread Starter)
btw, Leo, were you at Union City with your truck by Borders on the 24th of Feb around 3PM? I thought I saw you walking towards Borders...
Mar 3, 2008 | 09:01 PM  #6  ldivinag
dark green 2nd gen 4runner?

i have an enviro plate...
Mar 3, 2008 | 09:06 PM  #7  ldivinag
2 things to consider when going e-commerce.


1. consider going with an established "vendor" of services. most people hate paycrap... paypal. especially gun owners.

but they have a solid API which a programmer can hook into.

plus it's convenient.


2. to me, anytime something secured is needed, a VALID SSL certificate is needed otherwise, i bail.

that way, all traffic between me and the server is encoded. but these days, anyone can issue a certificate. that's why verisign, thawte, and others make their money from.

so if you are gonna roll your own, spend the money for certificate from a known place.
Mar 3, 2008 | 09:07 PM  #8  DetailAddict (Thread Starter)
i remember dark green but wasn't sure if it was a 4runner or which gen. Also too far to see the plate...

Originally Posted by ldivinag
dark green 2nd gen 4runner?

i have an enviro plate...
Mar 3, 2008 | 09:11 PM  #9  DetailAddict (Thread Starter)
okay, I am not very familiar with this whole e-commerce thing. What do you mean by "vendor" of service? I am sure I'll have paypal, visa, and mc capabilities on my site.

SSL certificate from a known place? I'll try to search and read up a little more on this SSL thing.

Thanks!

Originally Posted by ldivinag
2 things to consider when going e-commerce.


1. consider going with an established "vendor" of services. most people hate paycrap... paypal. especially gun owners.

but they have a solid API which a programmer can hook into.

plus it's convenient.


2. to me, anytime something secured is needed, a VALID SSL certificate is needed otherwise, i bail.

that way, all traffic between me and the server is encoded. but these days, anyone can issue a certificate. that's why verisign, thawte, and others make their money from.

so if you are gonna roll your own, spend the money for certificate from a known place.
Mar 3, 2008 | 09:15 PM  #10  ldivinag
if you are going to use PP, then you dont have to worry about CCs...

since they take care of that mess.

all your website will do, is pass on the control to PP.

the customer does his/her thing.

once they hit the PAY button, PP then processes the transaction and passes the control back to your site.

at that point, i dont exactly know how PP "pays" you.


IIRC, the open source ECOMMERCE package has hooks already built into it for PP.

and at this point, a certificate isnt needed...

are you your own webmaster?
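
The hand-off described in this post ends with the processor passing control back to the shop, and what the shop does with that returning confirmation is where the security decision sits. The PHP below is an added example, not code from the thread or from PayPal: the field names, the `|`-joined canonical string, the HMAC-SHA256 shared-secret signature and the sample data are all assumptions made for illustration, and amounts are assumed to arrive as canonical decimal strings.

```php
<?php
declare(strict_types=1);
// Hypothetical processor callback: field names, '|' canonical form and HMAC scheme are assumptions.
const CALLBACK_SECRET = 'constructed-demo-secret'; // constructed sample value
function callback_signature(array $msg, string $secret): string
{
    $fields = [$msg['order_id'], $msg['txn_id'], $msg['amount'], $msg['currency'], $msg['status']];
    return hash_hmac('sha256', implode('|', $fields), $secret);
}

// Returns null when the confirmation can be trusted, otherwise the reason it was rejected.
function check_confirmation(array $msg, array $orders, array &$seenTxn): ?string
{
    foreach (['order_id', 'txn_id', 'amount', 'currency', 'status', 'sig'] as $key) {
        if (!isset($msg[$key]) || !is_string($msg[$key])) {
            return "missing field: $key";
        }
    }
    // Constant-time comparison; the browser relays this message and may have altered it.
    if (!hash_equals(callback_signature($msg, CALLBACK_SECRET), $msg['sig'])) {
        return 'bad signature';
    }
    $order = $orders[$msg['order_id']] ?? null;
    if ($order === null) {
        return 'unknown order';
    }
    if ($msg['status'] !== 'completed') {
        return 'payment not completed';
    }
    // Compare with the total the shop stored at checkout, not with anything sent by the client.
    if ($msg['amount'] !== $order['amount'] || $msg['currency'] !== $order['currency']) {
        return 'amount or currency mismatch';
    }
    if (isset($seenTxn[$msg['txn_id']])) {
        return 'replayed transaction';
    }
    $seenTxn[$msg['txn_id']] = true;
    return null;
}
// Constructed sample data: one stored order and four incoming confirmations.
$orders = ['ORD-1001' => ['amount' => '49.95', 'currency' => 'USD']];
$seen = [];
$good = ['order_id' => 'ORD-1001', 'txn_id' => 'T-1', 'amount' => '49.95', 'currency' => 'USD', 'status' => 'completed'];
$good['sig'] = callback_signature($good, CALLBACK_SECRET);
$underpaid = ['txn_id' => 'T-2', 'amount' => '0.01'] + $good;
$underpaid['sig'] = callback_signature($underpaid, CALLBACK_SECRET); // validly signed, wrong total
foreach ([$good, $good, ['amount' => '0.01'] + $good, $underpaid] as $msg) {
    echo check_confirmation($msg, $orders, $seen) ?? 'accepted', "\n";
}
```

The four sample messages exercise, in order, a valid confirmation, the same confirmation sent a second time, a message whose amount was edited after signing, and a correctly signed message for less than the stored order total.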
Mar 3, 2008 | 09:16 PM  #11  glider
Buy a service; don't try to code it yourself. Designing and coding e-commerce web sites that are both well designed and secure is tricky and time consuming. Especially the part where you manage payment information. And you don't want to have to write or maintain any infrastructure that's subject to PCI DSS. Anyone who tells you that coding it all up securely is "easy" is either out of your price range or, more likely, has no idea.

There are plenty of options that will still allow you some flexibility in site design without taking on the burden of coding, including handling credit card payments.
Mar 3, 2008 | 09:17 PM  #12  ldivinag
edit... not eCommerce...

but OSCOmmerce...

http://addons.oscommerce.com/info/2679

linky with PP add-on...
Mar 3, 2008 | 09:22 PM  #13  DetailAddict (Thread Starter)
So what you are saying is, i'll take care of the shopping cart, pass the total amount to PP, and PP will take care of all the payment stuff including security, then pass it back to me with some kind of confirmation? Yes, I am my own webmaster.

Originally Posted by ldivinag
if you are going to use PP, then you dont have to worry about CCs...

since they take care of that mess.

all your website will do, is pass on the control to PP.

the customer does his/her thing.

once they hit the PAY button, PP then processes the transaction and passes the control back to your site.

at that point, i dont exactly know how PP "pays" you.


IIRC, the open source ECOMMERCE package has hooks already built into it for PP.

and at this point, a certificate isnt needed...

are you your own webmaster?
do you mean to hire a programmer to do this or purchase an existing ecommerce module like the ones I listed above?

Originally Posted by glider
Buy a service; don't try to code it yourself. Designing and coding e-commerce web sites that are both well designed and secure is tricky and time consuming. Especially the part where you manage payment information. And you don't want to have to write or maintain any infrastructure that's subject to PCI DSS. Anyone who tells you that coding it all up securely is "easy" is either out of your price range or, more likely, has no idea.

There are plenty of options that will still allow you some flexibility in site design without taking on the burden of coding, including handling credit card payments.
Mar 3, 2008 | 09:25 PM  #14  glider
Originally Posted by DetailAddict
do you mean to hire a programmer to do this or purchase an existing ecommerce module like the ones I listed above?
Yeah, that's what I meant. I should've said that
Mar 3, 2008 | 09:28 PM  #15  DetailAddict (Thread Starter)
any know good module I should look into then?
Originally Posted by glider
Yeah, that's what I meant. I should've said that

All times are GMT -7.