Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

General Discussion

Jenny Swift
Jenny Swift
21,999 Points
Posted by Jenny Swift
Jenny Swift
21,999 Points

web app questions-data encryption and cost of data storage

Hi, I have been making a web application that runs with MAMP, and I am thinking of making it available on the real web (not just with MAMP), so that users can use it on other devices.

It is an app that stores a lot of data entered by the user. It uses PHP and MySQL.

Does Treehouse or anywhere else have any info on getting a web app started on the web? Specifically, I am wondering about the following:

Security

It's a bit daunting being responsible for people's data. I haven’t come across much about protecting data on Treehouse, but I suppose there would be things I should know about how to protect it from the internet villains out there.

For example, I remember getting emails from apps I was using earlier this year telling me to change my passwords due to the Heartbleed Bug. So I figure if I create an app I should be responsible for knowing about the security issues out there and protecting users from them. But I don’t know how I would do this. I feel like there should be some course on the topic.

I notice that other web apps tend to have fancy jargon regarding the security of their data, so I figure maybe I should learn how to apply the same sort of security for my app. For example,

Dropbox 'secures your files with 256-bit AES encryption’.

1Password has 'AES-256 using Encrypt-then-MAC’ and 'GPU resistant PBKDF2-HMAC-SHA512’.

Basically, could you share any tips or resources please about how to protect my users’ data or anything else I should know about security? Does treehouse have anything about this?

Financially

Currently, the only web host I’ve used is Web Hosting for Students. I’m guessing I wouldn’t be able to store enough data with them and so maybe I’d have to go with a more expensive web host. I’m wondering how other web apps like Evernote, Dropbox, or Workflowy were able to get started financially while still allowing their users to use their apps for free, and especially when the free limit of storage space is reset each month! Can anyone explain please how I could make my app free to use when I imagine the data storage could get quite expensive? I know the other apps have paid subscriptions as well as the free ones, but I’m thinking people may not want to pay for my app in the early stages.

1 Answer

James Anwyl
seal-mask
.a{fill-rule:evenodd;}techdegree seal-36
James Anwyl
Full Stack JavaScript Techdegree Graduate 49,960 Points
James Anwyl
.a{fill-rule:evenodd;}techdegree seal-36
James Anwyl
Full Stack JavaScript Techdegree Graduate 49,960 Points

Security is a pretty broad topic and there is no "right-way" to secure a website. Some things you'll need to consider are:

  • Encrypting personal information (PHP has libraries that can do this - such as mcrypt)
  • Protecting against SQL injection and XSS
  • Using SSL

You should check out OWASP as a starting point and for reference.

Financially, I don't think data storage costs will be your biggest problem unless you are storing tons of data or lots of images and other media. Mysql databases tend to be quite small in terms of filesize.

Using a shared host like Web Hosting For Students would be a good place to start. You can always look at other shared hosts, running your own server or a cloud hosting solution like AWS if you need to scale up in the future. Also important to note that a lot of companies offering a free service to users will operate at a loss to begin with and hope they get bought out by someone or find a way to monetize later.

Some security resources and things to check out:

I'll stop now before this turns into an essay but hopefully that will give you a few pointers :)

Jenny Swift
Jenny Swift
21,999 Points
Jenny Swift
Jenny Swift
21,999 Points

Wow, lots of information-fantastic. Thank you so much James for your detailed response!

James Anwyl
.a{fill-rule:evenodd;}techdegree seal-36
James Anwyl
Full Stack JavaScript Techdegree Graduate 49,960 Points

No problem hope it's not too overwhelming :)