coxdabd — 2011-02-23T15:54:28-05:00 — #1
Hi all, I'm in the process of creating an e-commerce site, just wondering what the biggest security risks are. I've used the mysql_real_escape_string on all data entering the database which should remove the risk of SQL injection. The customer will not be storing credit card information on the site. Just basic personal details.
I'm just using sessions, no cookies. Any pointers or advice will be greatly appreciated as always
mandes — 2011-02-23T18:58:24-05:00 — #2
Your biggest problem after basic programming errors and malicous intent will be your customers.
If they can find a hole in it they will, they will bookmark you pages halfway though the process go for a cuppa and come back 3 days later and try to continue where they left off, they'll use the browsers back and forward buttons, forget passwords and try to log in again with same details, try to log in with blank fields, unacceptable characters ........... and do everything you didnt think a sane person would try to do.
coxdabd — 2011-02-24T03:12:00-05:00 — #3
Hi Mandes, thanks for your message. I can see how that could prove a problem - gerrrr! Thanks for the help