
How do you know if you're prepared to make a secure ecommerce site for a client?

I'm getting ready to meet with a client for my second freelance gig. In addition to a page promoting his fabrication business, he wants a little shop site for some products he sells.

I know we have a course here for using a WordPress ecommerce add-on. Other posters have pointed out that that's a big hacking bullseye. If it were my own business, I could take that risk and maybe learn from it; but I need to give a client a dependably secure system.

In a college class we learned about salting passwords, sanitizing inputs and generally not being stupid with database queries; but the professor made it pretty clear we weren't prepared for real life security threats.

Is there a good shopping-cart/checkout service that can be securely hard-coded into a small shop site? Or, from an ethical standpoint, do I need to point my client to Shopify or one of the other whole-shop solutions?

1 Answer

Jonathan Grieve (MOD, Treehouse Moderator, 91,254 Points)

Have a look on Google for something called SSL. Your hosting company will offer this, which is a script that offers your website/ecommerce store an extra layer of encryption. Otherwise your store is only as secure as your password. :-)

My concern is that, once user input affects things on your back end, you're dealing with an attack surface bigger than your password.

I suppose the thing to do (until you have significant security experience) is to effectively outsource the whole of that attack surface to people who recognize, defend against and clean up after attacks as their profession. People say it's not a matter of whether, but when you'll get hacked.

I'm looking for advice on how to be safe with a shopping cart and be sure (for reasonable and ethical service-to-client values of sure) that I haven't created an attack vector around it.