http://qs321.pair.com?node_id=482038

perleager has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I'm a little paranoid about my programming. I'm about to take on a project that consists of a membership area that members must pay a subscription fee to view. I'm thinking about using a third party cc billing company, and once a user signs up, it has a script that will update the members database to tell my web application that he/she signed up.

Now since this will deal with money, there are always potential hackers who would want to eliminate competition or even receive free service. That's just my thinking...you can call it paranoia. But the thing is, I'm confident that I can do the programming, but it's how well I can do it. How would I know if it's secure enough? That leads to my question of whether there are private companies that check how secure an application is and then tell you the loopholes you must fix? Or can I do this myself? I'm assuming I'll need to read lots of hacking books and then see if those hacking tricks apply to my web application.

Basically I got most security features checked off my list:
- tainting
- ssl warnings
- use strict
- form checking every inputted variable
- cgi.pm to disallow uploads and to have a certain max length to avoid DOS
- mysql queries using placeholders and/or having = '$taint_input'
- mysql user passwords using md5
- session management using md5 session code (cgi::session)
- mysql is password protected (password is not shown in any perl scripts)
The real downer is this is on a win2k system. Is Apache more secure? I may recommend that the company I'm working for move it to an Apache server. But the mysql database is located somewhere other than the web server machine (I heard this was better).

Any recommendations of articles or books to read about security for membership sort of sites would be really nice.

Thank you all,
perleager

Edited by Arunbear: Changed title from 'Paranoia', as per Monastery guidelines
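A Perl sketch of three items from the checklist in the post (taint mode, CGI.pm upload and size limits, DBI placeholders) applied to a subscription-status lookup; this is an added example, not the poster's code, and the config file path, table name and column names are assumptions.

```perl
#!/usr/bin/perl -T
# Added example (not the poster's code): taint mode, CGI.pm request limits
# and DBI placeholders for a subscription-status lookup. The config path,
# table and column names (members, username, paid_until) are assumptions.
use strict;
use warnings;
use CGI;
use DBI;
# Refuse oversized request bodies and file uploads before CGI.pm parses them.
$CGI::POST_MAX        = 10 * 1024;   # 10 KB is ample for a login form
$CGI::DISABLE_UPLOADS = 1;
# Credentials live in a file outside the web root, never in the script.
sub load_db_config {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot read $path: $!";
    my %cfg;
    while (<$fh>) {
        chomp;
        next if /^\s*(#|$)/;
        my ($k, $v) = split /\s*=\s*/, $_, 2;
        $cfg{$k} = $v;
    }
    return \%cfg;
}
# Untaint by matching an allow-list pattern; anything else yields undef.
sub clean_username {
    my ($raw) = @_;
    return undef unless defined $raw;
    my ($user) = $raw =~ /^([A-Za-z0-9_.-]{1,32})$/;
    return $user;
}
# A placeholder keeps the value out of the SQL text; DBI handles quoting.
sub subscription_active {
    my ($dbh, $user) = @_;
    my $sth = $dbh->prepare(
        'SELECT COUNT(*) FROM members WHERE username = ? AND paid_until >= CURDATE()');
    $sth->execute($user);
    my ($n) = $sth->fetchrow_array;
    return $n ? 1 : 0;
}
my $q    = CGI->new;
my $user = clean_username(scalar $q->param('username'))
    or do { print $q->header(-status => '400 Bad Request'); exit };
my $cfg  = load_db_config('/etc/myapp/db.conf');
my $dbh  = DBI->connect("DBI:mysql:database=$cfg->{db};host=$cfg->{host}",
                        $cfg->{user}, $cfg->{pass}, { RaiseError => 1 });
print $q->header('text/plain'), subscription_active($dbh, $user) ? "active\n" : "inactive\n";
```

The interpolated form `= '$taint_input'` from the checklist is exactly what the `?` placeholder replaces: with a placeholder the username is bound as data and never becomes part of the SQL string.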