Building Success Websites
What to build and what to look out for!
What do you want to do?
• Publish company info with an online brochure
• Take orders for goods and/or services
• Provide services or digital goods
• Add value to goods and/or services
• Cut costs
Publish company info with an online brochure
• Simple static information that dominated the web in the early 1990s
• How can they fail?
– Failure to provide important information
– Poor presentation
– Failure to respond to customer feedback
– Allow info on site to go stale
– Fail to track site usage stats
Take orders for goods and/or services
• Ways to fail…
– Unanswered questions about products/services
– Trust
– Ease of use
– Compatibility
– Wrong product
– Bad marketing
– Grow too fast
Provide services or digital goods
• Think information sites (stocks, for instance) or digital media (ebook, video, mp3, etc.)
• Pros – cheap, immediate delivery
• Cons – Intellectual property rights (CISC355)
• Ways to fail
– Not securing the IP rights to what customers want
– Model is not scalable
Add value to goods and/or services
• Some websites are value added…
– Think tracking on ups.com or fedex.com
– Support forums for goods/services
• Ways to fail
– Not providing timely responses (think usps.com)
– Not adding the value you think you are (how do
you get/respond to feedback?)
Cut costs
• Providing PDF manuals online instead of printing/shipping bulky physical copies
• Replacing brick-and-mortar stores with online-only stores
– Not having a strategy or understanding your
customer base
Risks and Threats
• Crackers – Secure your site against internal and
external threats!
• Failure to attract sufficient business
• Infrastructure/Scaling issues (power, hardware,
network, etc.)
• Reliance on Shipping
• Competition
• Software bugs
• Government policies and taxes
Security Threats to Websites
• Exposure of confidential data
• Loss of data
• Modification of data
• DoS Attacks
• Software bugs
• Repudiation
Ways to combat security threats
• The most secure website is one that is not
connected to a network… Unfortunately it is
not very usable!
• Need a balance between security and usability
– Authentication
– Encryption
• Private Key
• Public Key
Security… continued
• Certificates – combine proof of who you say you are, vouched for by a Certifying Authority, with encryption
• Data backups
• Physical Security
PHP Authentication
• Security is not a bolt-on afterthought or something you will get to later…
• Successful websites have security built into
the development process…
• But where to start… How about
authentication?
– There are many ways to implement but most sites
only require a username/password combination
Some PHP Authentication Examples
• Simple Authentication (secret.php – cool multistate page – very useful!)
– What is good about this model?
– What is bad about this model?
• Improved Simple Authentication (secret2.php)
– What is good about this model?
– What is bad about this model?
Encrypt Passwords
• Anyone have an issue with storing a password
in clear text?
• PHP has several encryption algorithms available… using one-way hash functions
– crypt() – old and not very secure
– md5() – Message Digest 5 – medium secure
– sha1() – Secure Hash Algorithm 1 – most secure
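Added example, not part of the original slides: storing and checking passwords with PHP's built-in password_hash() and password_verify() (PHP 5.5+; the code below is written for PHP 7+), which add a per-password salt and a tunable cost that plain md5() or sha1() digests lack. The helper names store_password() and check_login() and the in-memory $users array are assumptions for illustration.

```php
<?php
// Added example. Users, passwords and the in-memory $users array are constructed.

// Precomputed hash used to spend comparable time on unknown usernames.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Hypothetical helper: produce the value to store instead of the clear-text password.
function store_password(string $plain): string
{
    // password_hash() generates a random salt per call and embeds the algorithm,
    // cost and salt in the returned string, so no separate salt column is needed.
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Hypothetical helper: verify a login and upgrade old hashes transparently.
function check_login(array &$users, string $name, string $attempt): bool
{
    if (!isset($users[$name])) {
        password_verify($attempt, DUMMY_HASH); // same work as for a real account
        return false;
    }
    if (!password_verify($attempt, $users[$name])) {
        return false;
    }
    // If PHP's default algorithm or cost has changed since the hash was stored,
    // re-hash now while the clear-text password is available.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT)) {
        $users[$name] = store_password($attempt);
    }
    return true;
}

// Constructed sample data: two users who picked the same password.
$users = [
    'alice' => store_password('correct horse battery'),
    'bob'   => store_password('correct horse battery'),
];

// Unsalted md5()/sha1(): equal passwords give equal stored values.
var_dump(md5('correct horse battery') === md5('correct horse battery'));
// password_hash(): equal passwords give different stored values.
var_dump($users['alice'] === $users['bob']);

var_dump(check_login($users, 'alice', 'correct horse battery')); // valid login
var_dump(check_login($users, 'alice', 'wrong guess'));           // bad password
var_dump(check_login($users, 'mallory', 'anything'));            // unknown user
```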
Other ways to secure
• HTTP Authentication
• Sessions (later chapter)