FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Secure website
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Secure website [message #183564 is a reply to message #183561] Fri, 01 November 2013 00:36 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 10/31/2013 12:47 PM, Graham Hobbs wrote:
> On Thu, 31 Oct 2013 11:24:25 -0400, Jerry Stuckle
> <jstucklex(at)attglobal(dot)net> wrote:
>
>> On 10/31/2013 10:27 AM, Graham Hobbs wrote:
>>> On Wed, 30 Oct 2013 23:03:42 -0400, Jerry Stuckle
>>> <jstucklex(at)attglobal(dot)net> wrote:
>>>
>>>> On 10/30/2013 7:15 PM, Graham Hobbs wrote:
>>>> > On Wed, 30 Oct 2013 14:56:12 -0400, Jerry Stuckle
>>>> > <jstucklex(at)attglobal(dot)net> wrote:
>>>> >
>>>> >> On 10/29/2013 11:02 PM, Graham Hobbs wrote:
>>>> >>> Hellop,
>>>> >>>
>>>> >>> I have an ordinary website (all PHP), it has no 'conscious'
>>>> >>> protections, just code that does a job. One page (not written yet
>>>> >>> because I don't know how), will advertise a product for sale.
>>>> >>>
>>>> >>> My concept is that a buyer goes to a paypal screen, does the
>>>> >>> necessary, when payment is verfified and paid, an email is
>>>> >>> automatically sent to the buyer with a download key. At the buyers
>>>> >>> dicretion, they go to the download page, enter the key and the
>>>> >>> software gets downloaded. Is this sort of thing a novice PHP'er could
>>>> >>> do.
>>>> >>>
>>>> >>> I'd like to be sort of semi-conversant before I contact paypal. Is the
>>>> >>> above feasible, is my ordinary website secure, is there a specific set
>>>> >>> of PHP'ish or other 'things to do'
>>>> >>> e.g.
>>>> >>> ... how to prevent more than one download, do I store the software
>>>> >>> package on my ISP's server, is it safe, since it has several exe files
>>>> >>> would they be in a zip file, how to assign a download key, let the
>>>> >>> whole process be automated?
>>>> >>>
>>>> >>> .. starter clues appreciated, thanks,
>>>> >>>
>>>> >>> Graham Hobbs
>>>> >>>
>>>> >>
>>>> >> A couple of questions:
>>>> >>
>>>> >> 1. What happens if that "one download" is unsuccessful? Are you going
>>>> >> to make the buyer pay again?
>>>> > - OF COURSE .. just a joke!
>>>> > - I would guess a failed download would be rare but if so, an email
>>>> > would ensue and |'d reply with an attachment - reasonable?
>>>>
>>>> Less rare than you would think. And how would you check to see if the
>>>> download failed or not?
>>> I wouldn't, I'd expect an email from the buyer. Is there a rule of
>>> thumb way to check?
>>
>> No, there is no good way to check to see if a download completed or not.
>> The file may have been sent, for instance, but for some reason not
>> stored on the user's computer (i.e. internet connection broke, out of
>> disk space, etc.).
>>
>> But expecting an email from the buyer after he/she purchased something
>> isn't very user friendly. That's why most products use unique keys
>> which must be keyed into the product to make it run. But of course that
>> only works if the user has a reason to contact your site again, i.e.
>> upgrades, etc.
>>
>> If your audience is so small, why not give them a download link which is
>> good for something like 24 hours? That way if it fails, they can retry.
>>
>>>>
>>>> >>
>>>> >> 2. What is to stop one person from buying your program, then sending it
>>>> >> off to all of his friends (or uploading it to another site)?
>>>> > - doesn't all software face that problem? .. is there a solution?
>>> Would be most interested in commentary on this.
>>>> >>
>>>> >> You can do it, but in addition to the other comments about PayPal - if
>>>> >> they have a system outage, it can take several hours (even after they
>>>> >> make it back up) for them to process the payment. It doesn't happen
>>>> >> often, but it does occur.
>>>> > - my software has a small audience, I would expect this not to be a
>>>> > concern
>>>> >
>>>>
>>>> Famous last words...
>>>>
>>>> If your audience is so small, why do you worry about it?
>>> Well I hope 'not SO small':-). Am not worried. Given the small number
>>> of buy operations and infrequency of Paypal downtime, concurrency of
>>> these events would be remote.
>>> But I do worry about some nasty intercepting and cocking up any part
>>> of the process from 'the buy page' through to emailing a 'key' and the
>>> subsequent download. Not infecting buyers is the point.
>>>
>>
>> You can take standard security precautions on your website, but there
>> isn't much you can do about email being intercepted.
> ---
> That's good notes Jerry, thanks,
> I googled 'standard security precautions for websites' .. got to a
> company called Webroot (amongst others) .. they list a slew of things
> they take care of .. might be a reasonable approach for me? I can't
> see me programming 'security' myself, best left to the experts.
> Graham
>

Depends on how much you're willing to pay, and how much you trust the
qualifications of the programmers. Anyone can "list a slew of
things...". Fewer can do it properly.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: reading files with accents in the filename from PHP
Next Topic: No action desired until one button is clicked
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 15:16:48 GMT 2024

Total time taken to generate the page: 0.04269 seconds