Building Success Websites
What to build and what to look out for
What do you want to do?
Publish company info with an online brochure
Take orders for goods and/or services
Provide services or digital goods
Add value to goods and/or services
Cut costs
Publish company info with an online brochure
• Simple static information that dominated the
web in the early 1990s
• How can they fail?
– Failure to provide important information
– Poor presentation
– Failure to respond to customer feedback
– Allow info on site to go stale
– Fail to track site usage stats
Take orders for goods and/or services
• Ways to fail…
– Unanswered questions about products/services
– Trust
– Ease of use
– Compatibility
– Wrong product
– Bad marketing
– Grow too fast
Provide services or digital goods
• Think information sites (stocks for instance) or
digital media (ebook, video, mp3 etc.)
• Pros – cheap, immediate delivery
• Cons – Intellectual property rights (CISC355)
• Ways to fail
– Not securing the IP rights to what customers want
– Model is not scalable
Add value to goods and/or services
• Some websites are value added…
– Think tracking on or
– Support forums for goods/services
• Ways to fail
– Not providing timely responses (think
– Not adding the value you think you are (how do
you get/respond to feedback?)
Cut costs
• Providing PDF manuals online instead of
printing/shipping bulky physical copies
• Replacing brick and mortar stores with online
– Not having a strategy or understanding your
customer base
Risks and Threats
• Crackers – Secure your site against internal and
external threats!
• Failure to attract sufficient business
• Infrastructure/Scaling issues (power, hardware,
network, etc.)
• Reliance on Shipping
• Competition
• Software bugs
• Government policies and taxes
Security Threats to Websites
Exposure of confidential data
Loss of data
Modification of data
DoS Attacks
Software bugs
Ways to combat security threats
• The most secure website is one that is not
connected to a network… Unfortunately it is
not very usable!
• Need a balance between security and usability
– Authentication
– Encryption
• Private Key
• Public Key
Security… continued
• Certificates – combine proof of who you are,
vouched for by a Certifying Authority, with encryption
• Data backups
• Physical Security
PHP Authentication
• Security is not a bolt-on afterthought or
something you will get to later…
• Successful websites have security built into
the development process…
• But where to start… How about
– There are many ways to implement but most sites
only require a username/password combination
Some PHP Authentication Examples
• Simple Authentication (secret.php – cool
multistate page – very useful!)
– What is good about this model?
– What is bad about this model?
• Improved Simple Authentication (secret2.php)
– What is good about this model?
– What is bad about this model?
Encrypt Passwords
• Anyone have an issue with storing a password
in clear text?
• PHP has several encryption algorithms
available… Using one-way hash functions
– crypt() – old and not very secure
– md5() – Message Digest 5 – medium secure
– sha1() – Secure Hash Algorithm 1 – most secure
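Added example (not from the original slides): the one-way-hash approach described above, written with PHP's built-in password_hash() and password_verify(), which salt each password and use a deliberately slow algorithm, contrasted with a bare sha1() digest. The function names register_user and check_login, the $users array and all passwords are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory user store standing in for a database table.
$users = [];

// Store only a salted, slow hash; the clear-text password is never kept.
function register_user(array &$users, string $name, string $password): void
{
    // PASSWORD_DEFAULT selects PHP's current recommended algorithm and a
    // random per-user salt, both encoded in the returned string.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Returns true only when the user exists and the password matches.
function check_login(array &$users, string $name, string $password): bool
{
    // Unknown users are checked against a dummy hash so the work done
    // is similar whether or not the account exists.
    static $dummy = null;
    $dummy ??= password_hash('constructed-dummy-value', PASSWORD_DEFAULT);
    $known  = isset($users[$name]);
    $stored = $known ? $users[$name] : $dummy;
    $ok     = password_verify($password, $stored);

    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if ($known && $ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $known && $ok;
}

// Contrast on a constructed password: a bare digest is unsalted, so equal
// passwords produce equal hashes; password_hash() salts every call.
$pw = 'constructed-sample-pw';
var_dump(sha1($pw) === sha1($pw));
var_dump(password_hash($pw, PASSWORD_DEFAULT) === password_hash($pw, PASSWORD_DEFAULT));

register_user($users, 'alice', $pw);
var_dump(check_login($users, 'alice', $pw));
var_dump(check_login($users, 'alice', 'wrong-guess'));
var_dump(check_login($users, 'mallory', 'anything'));
```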
Other ways to secure
• HTTP Authentication
• Sessions (later chapter)