In this chapter, we'll be laying the groundwork for this by implementing a customer
account system.
To make e-commerce sites more user-friendly, you usually store details such as credit
card numbers in a database so that users don't have to retype this information each time they
place an order. The customer account system you'll implement will store this information and
include all the web pages required for entering such details.
As well as implementing these web pages, we'll need to take several other factors into
account. First, simply placing credit card numbers, expiry dates, and other important information
into a database in plain text isn't ideal because it raises the possibility that this data could
be stolen should the server be compromised. This could occur remotely or be perpetrated by
individuals within our organization. In addition to enforcing a prohibitively restrictive access
policy to such data, it can be a lot easier simply to encrypt sensitive information and retrieve it
programmatically when required. We'll create a security library to ease this functionality.
Second, secure communications are important because you'll be capturing sensitive information
such as credit card details via the Web. We can't just put a form up for people to access
via HTTP and allow them to send it to us, because the information could be intercepted.