what steps needed to setup a secure page

geeza · 10 Feb 2007 at 10:21

I have a mate who is building a database in oracle and we require a secure payment page, like the sort of thing when the SSL padlock comes up when you buy things. What steps are needed to get a page like this to work so a page is secure?

I have found this site but it says you need to register an account and such http://support.internetconnection.n..._NETSHOP/SSL_Secure_Sockets_Layer_Forms.shtml

or is it just the php connection to the database that needs to be written in a way that it is secure??

two of the points I have to cover are -
9. Authentication with PHP and MySQL
10. Secure transactions with PHP and MySQL

How do I go about doing this when we have our database in oracle (because our database guy is being taught in oracle)

Immsy · 10 Feb 2007 at 10:37

You would need an SSL certificate for one thing.

Fr0dders · 10 Feb 2007 at 10:58

which you will have to pay for

unless you've got a very experienced developer, i'd recommend buying an off the shelf payment processing system

creating a secure connection between your data input and your database is one thing. Creating a secure payment processing system for an on-line shop is a completely different kettle of fish.

You can buy software that will integrate into your current website, and do all the payment processing for you. As well as handle baskets, fraud referalls etc..

They also include your certificate so you can run SSL encryption.

with on-line shops, the encryption is the traffic to the banks to authorise the transaction, not the database. Since people cant pay by cash over the net, all your payments will be by cards. which will need authorising. And unless you intend on punching all of these numbers in manually to a PDQ machine. You're best off with a proper payment processing system.

geeza · 10 Feb 2007 at 14:01

thansk for the replies. sounds too hard for a bsc project along with numerous other things -

1) Create an effective stock system
2) create a website where the company will be able to advertise their
products and see stock availability AND WHICH ENABLES CUSTOMERS TO
PURCHASE ITEMS DIRECT.
3) Create a website with an E payments system
4) create user account history page where the user will be
able to view open and close problems as well as viewing previous
purchases.
5) create an efficient customer RELATIONS MANAGEMENT SYSTEM VIA WHICH
CUSTOMERS AND STAFF CAN TRACK FULFILMENT ISSUES

Fr0dders · 10 Feb 2007 at 14:56

are you being asked to create an e payment website as part of your degree project ?

if so what bsc degree are you taking out of interest ?

geeza · 10 Feb 2007 at 15:29

MrLOL said:
are you being asked to create an e payment website as part of your degree project ?

if so what bsc degree are you taking out of interest ?

no not really, 2 of us just have to cover it as part of one of our core module outcomes (Bsc business computing)

theres 5 out of 8 different units to cover.

Unit 1: E-Payment Systems

1. The shifts occurring with regards to non-cash and online payments.
2. The players and processes involved in using credit cards online.
3. The different categories and potential uses of smart cards.
4. The various online alternatives to credit card payments and under what circumstances they are best used.
5. The processes and parties involved in e-checking.
6. The payment methods in B2B EC, including payments for global trade.
7. Electronic bill and invoice presentment and payment.
8. Understand the sales tax implications of e-payments.

Unit 8: Security

1. Issues with different types of commercial websites
2. Understanding risks and security threats
3. Usability, performance, cost and security
4. Authentication principles
5. Encryption and digital certificates
6. Secure web servers
7. Firewalls
8. Usual security precautions
a. Auditing and logging
b. Physical
c. Backups

9. Authentication with PHP and MySQL
10. Secure transactions with PHP and MySQL
a. Providing secure transactions
b. Using SSL
c. Using encryption in PHP

You will be assessed on how well you have applied, evaluated and reflected upon these issues, in the context of the web-based system of your Production Project.

To achieve success in this module you may implement the IITB units in your Production Project or, if the units are not directly applicable to your Project specification, be able to analyse and appraise how they are implemented in real world organisations.

For each IITB unit, you must demonstrate your depth of knowledge of real world case studies and how these Internet systems compare and contrast with your own implementation.

-------------

Everything is tied around a group production project (innovation & enterprise, core module (internet systems) and production project A + B (writing about it and developing it)

me and my mate are doing internet systems, one lad is doing advanced databases and one is straight business

Fr0dders · 10 Feb 2007 at 20:25

sorry for being nosey

by "cover it"

do you have to code it in .net or PHP or whatever. or just write a design specification document type of thing ?

geeza · 11 Feb 2007 at 14:41

MrLOL said:
sorry for being nosey

by "cover it"

do you have to code it in .net or PHP or whatever. or just write a design specification document type of thing ?

I think itd be better if we had it in our project but we can use a real world example of how it works and explain it I think