website security

**Rabbit** · Sep 21 '11, 09:25 PM

If you're new to website security and you are trying to implement an e-commerce solution, I strongly suggest you use an open source solution such as zen cart.

Trying to create a solution from scratch when you don't know the concepts yet is asking for trouble. I can see attempting something of this magnitude for learning purposes where you're not actually using confidential data, but to attempt to do so with live data is risky.

**michaeldebruin** · Sep 22 '11, 01:33 PM

I know all the risks and stuff like that and I am also not saying that the website is going online. I just want to make a website to practice, so I know I can make one with a very strong security.
So please tell me if you know some answers on my question.

**Rabbit** · Sep 22 '11, 04:17 PM

Well, you'll want to use HTTPS for all the communication between the client and the server. As for the password, yes, you'll want to store the hash and not the plain text. MD5 is a popular algorithm but it is no longer recommended. I am partial to SHA2 myself. I learned to implement that from the pseudo code on the wikipedia page. It also has a couple of hash results that you can use to check if your implementation is correct. Having said that, PHP has hash functions built in so there's no need to implement your own.

website security

website security

Comment

Comment

Comment