Web Site help

Posted:
in General Discussion edited January 2014
I originally posted this in AO but got no response. It's somewhat Apple related so I'll try again here.



I'm interested in setting up a web site that relies on getting info to and from a DB and ultimately accepts a credit card payment. I have almost no experience with these things.



I'm looking for help on this because I'd like to start off a site to do some altruistic things and (hopefully) make a little cash. I'm interested in any help, info, anecdotes from people who have worked on big corporate sites, whatever.



I would want to do it in X, presumably on an Xserve so it could expand. I'm guessing mysql & apache, or some other open source and free but well supported options. From there I could get the whole thing done. Mostly it's just get the info, take the CC# & charge a fee, print a receipt and that's it.



I've worked on static pages, and I've fooled around a bit with php & mysql, but never really got anything substantial going. If you've got any advice I'd love to hear it.



Thanks.

Comments

  • Reply 1 of 17
    Look into PHP. It could help you out a lot, especially with database generated web pages.



    IMHO (and I am sure that someone more knowledgeable than I will give better info):

    You will need to buy a certificate (Verisign or thawte????) for CC transactions.



    You can contract with a company to process all of your CC transactions, but this could be $$$. Not sure.



    You can process the CC transactions yourself, less $$ but maybe more effort on your part.



    If you are even considering doing anything with sensitive info (cc #, SSN etc.) then please do some serious reading on how to secure your web server (apache, OS etc.) and how to secure your database.



    good luck
  • Reply 2 of 17
    To be quite honest, the best way to do this is going to be to use another company's off the shelf shopping cart software. Usually you can mess with the templates to get it to match your site rather closely. You're also probably going to want to contract a company to process your CC transactions, or you could just accept payment via PayPal.



    See, it is prohibitively expensive to develop the software yourself, and it is equally expensive to process CC transactions yourself. My firm has built software that has done both. Our clients received custom code, and it cost them a lot of money... especially to keep everything secure.



    Also, an Xserve isn't really the best option. You can colo a 1U server for about $125/mo with acceptable bandwidth. A lot of places will offer you a deal on a server they provide. But you can put together an Intel based 1U server with everything you need that can run linux for a hell of a lot less than an Xserve. Sounds like the Xserve would be overkill, and I mean way overkill, for your site.



    Hope that helps...
  • Reply 3 of 17
    bunge Posts: 7,329 member
    Thanks to both of you.



    I would like to keep this on Mac OS X Server for the sake of it, and because I want to learn more about working with a Mac OS X Server. I am now looking into co-location of an Xserve, rather than owning one myself.



    I've been afraid to do the PayPal payments because it seems unprofessional. But, the whole CC transaction process is a pain. I know it. The DB interaction is more crucial, at least at first.



    Anyone out of work or looking for a side project?
  • Reply 4 of 17
    bunge Posts: 7,329 member
    Sorry to bump my own thread, but I've been looking at shopping cart software for OS X. I've found one that looks OK, eOrdering, but I really don't know anything about it.



    Does anyone have any suggestions about different pre-fab shopping cart solutions? Any specific packages?



    Or would running my own mysql DB with some PHP added to the mix be the way to go? I programmed a lot in my youth, so code isn't foreign to me. That's why I initially thought I'd do it myself.



    So, do it myself, or any specific pre-fab server packages?
  • Reply 5 of 17
    costique Posts: 1,084 member
    You don't want your own eCommerce solution, trust me. As you ask questions here, I assume that you are no security specialist. Please, don't get offended, I'm no expert in this either.



    The problem is that if you run shopping carts software, accept credit card payments (yes, you need a certificate for this kind of activity) and all that, you must accept full responsibility for being hacked, for stolen credit card numbers, fraud, refunds, software errors, etc. It's just too much for a healthy individual.



    For starters, I recommend you sign an agreement with a certified company like eSellerate or 2CheckOut (search with Google and read between the lines!). Ideally, it should work like this: on your site you have a link to a secure shop run by a certified company. A client makes a real purchase on their site (note: not on yours, so you can't be accused of any security problems), then the company processes the payment and after deducting their fee transfers the money to your bank account. You do nothing of great responsibility.



    Such companies offer free shopping cart software, CC processing, verification and validation, secure electronic means of transferring money, security teams of their own, provide fraud protection and, in general, know what they are doing. If you are not 101% sure of your networking security skills, forget about it and use paid services offered by professionals.
  • Reply 6 of 17
    What costique said seems to be what you are looking for.

    This would take most of the hassle out of the whole experience.



    Security should be your biggest concern and as I am finding out, it is a very complicated beast.
  • Reply 7 of 17
    However ... if you want to get into creating your own online store, have your own server (os x server), and manage your own CC transactions, I will list what has worked for me and my company.



    Server Side:

    1. OS X Server 1U (or a flavor of PowerPC - not a notebook)

    2. OS X Server Software (will even run on E-mac)

    3. PHP (built into OS X Server)

    4. MySQL (built into OS X Server)

    5. Apache (built into OS X Server)

    6. Secure Certificate (Verisign, Thawte, etc)





    3rd Party Software: (All OpenSource)

    1. OS Commerce (www.oscommerce.com)

    2. J-Edit (nice IDE for just about everything)

    3. An image editor (Photoshop, Gimp, etc.)



    Credit Card Proc.:

    1. If your company already processes CC, then you're good to go.



    Good Luck



    D
  • Reply 8 of 17
    bunge Posts: 7,329 member
    Quote:

    Originally posted by costique

    You don't want your own eCommerce solution, trust me.



    I do trust you. I'm just bouncing ideas out here. Third party sounds the way to go, but they look expensive. I guess it's expensive to push the risk on to someone else.



    If I'm using a third party to handle the transactions, then basically I'm left just making an interactive DB with web page. I'll still need to gather and store some information. For this I'm thinking of mysql & php, as I've said.



    Can anyone compare ease of use when using these two (and apache) on OS X or OS X Server?



    DrCreations, thanks. I want to be able to bring this in house one day if only to have a backup situation in case an ISP or other third party company dissolves under my feet. That's why I'm thinking of doing as much as I can myself, even if the site itself is hosted by someone else.
  • Reply 9 of 17
    Quote:

    Originally posted by bunge





    Can anyone compare ease of use when using these two (and apache) on OS X or OS X Server?







    Apache and MySQL are going to be the same on OS X Server and plain old OS X, if that's what you're asking.



    Setting up both should be pretty easy for someone as tech-literate as you seem to be. Especially with loads of online information and well......us



    I've built a bunch of eCommerce sites, most of which were my own custom code but I did a few with off the shelf shopping carts. They were all for windows however.



    If you're looking for a good credit card processor...check out these guys: USA ePay



    I use them a lot. They support PHP.
  • Reply 10 of 17
    bunge Posts: 7,329 member
    This is exactly the type of information I'm looking to get. Thanks to all for the info so far, and I'll love any more from others.



    So, I'm thinking a site that's simply Apache, PHP & a Mysql DB. Then, with miracles, a conduit that connects my site to a third party eCommerce/shopping cart vendor.



    Willoughby, you looking for an apprentice?



    I've found an ISP, Ninewire, does anyone have any experience with them? I would use them because I want to further the 'X' cause and my own knowledge of these technologies. I do want to learn these technologies for my own personal growth and because I would want to know what's going on behind my own site.
  • Reply 11 of 17
    You can quite easily do your own cart, and don't be put off by CC security. The simplest answer is often the best one - DON'T leave the cc details on the server.



    Take the order, and get PHP to email the CC details to you (an account on the same server as the website), then set up a client to check this account via a secure connection (APOP, SSL etc.) every 5 mins.



    The chance of you being hacked within the same 5 mins between taking an order and downloading the mail from the server is very small.



    Just make sure you use a secure connection and NOT IMAP... IMAP leaves the messages on the server.
  • Reply 12 of 17
    bunge Posts: 7,329 member
    Gargoyle,



    Does this mean after the client gets the email, a live person has to manually pull the info out of an email and move it through the actual charging process? Or would the client computer be able to siphon the correct information out of an email and push it through to make the charge?



    And I'm so anal about these things I'd make it check for email every one minute, not every five....
  • Reply 13 of 17
    bunge,



    If by apprentice you mean "working for free" - sure! I've got a few projects I could always use help with.



    You actually can leave the credit card information on the server if you encrypt the credit card numbers first and then post them to a database. I had to do that for a site with monthly billing. If you were to look directly at the table in the database with the card numbers, it would look like garbage and would take a lot of processing power to decrypt it.



    I think keeping the credit card numbers in clear text in an email on the server isn't a good idea. If your customers found out they wouldn't be too happy. You can't trust everyone at your ISP. What about that 14 year old kid that works there on the weekends?



    If you want to do it right, you should really use a credit card processor where the card number is sent securely to their server, processed and then deleted.



    Worst case scenario, you can use Yahoo's secure shopping cart through their site.



    Your biggest expense is going to be the secure certificate. Those range from $350 to near $1000 depending on the level of encryption you want (40bit - 128bit). But I believe if you use a site like Yahoo, you don't have to get a certificate because you'll be using Yahoo's.
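
One way to do the field-level encryption described in Reply 13, as an added example that is not part of the original thread or any poster's code. The function names, record layout and customer ids are hypothetical, the card number is a constructed test value, and the key is assumed to be kept outside the database so that a dump of the table alone does not expose card numbers.

```php
<?php
// Added example: hypothetical names; constructed test card number.
const CIPHER = 'aes-256-gcm';

// Encrypt a card number and return the columns that would be stored.
function encrypt_pan(string $pan, string $key, string $customerId): array
{
    $iv  = random_bytes(12);   // fresh 96-bit nonce for every record
    $tag = '';
    // Binding the customer id as AAD makes a ciphertext copied onto
    // another customer's row fail authentication on decrypt.
    $ct = openssl_encrypt($pan, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $customerId);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return [
        'customer_id' => $customerId,
        'pan_enc'     => base64_encode($iv . $tag . $ct),
        'pan_last4'   => substr($pan, -4),   // enough for receipts and support
    ];
}

function decrypt_pan(array $row, string $key): string
{
    $raw = base64_decode($row['pan_enc'], true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);   // GCM tag, 16 bytes by default
    $ct  = substr($raw, 28);
    $pan = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $row['customer_id']);
    if ($pan === false) {
        throw new RuntimeException('ciphertext rejected (wrong key or altered row)');
    }
    return $pan;
}

// Demo. Assumption: a real deployment loads the key from outside the
// database and web root; it is generated here so the script runs offline.
$key = random_bytes(32);
$row = encrypt_pan('4111111111111111', $key, 'cust-1001');
echo $row['pan_enc'], ' last4=', $row['pan_last4'], "\n";
echo decrypt_pan($row, $key) === '4111111111111111' ? "round trip ok\n" : "mismatch\n";

$row['customer_id'] = 'cust-2002';   // simulate a row swapped in the table
try { decrypt_pan($row, $key); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

The stored column is unreadable without the key, and the last lines show a tampered row being rejected rather than silently decrypted.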
  • Reply 14 of 17
    bunge Posts: 7,329 member
    Quote:

    Originally posted by Willoughby

    bunge,



    If by apprentice you mean "working for free" - sure! I've got a few projects I could always use help with.




    Hell yes! Isn't that what an apprentice normally does? Work for free I mean? I guess back in ye olde days you would have to feed me too. Times have changed....



    Quote:

    Originally posted by Willoughby

    If you want to do it right, you should really use a credit card processor where the card number is sent securely to their server, processed and then deleted.



    And this can be done with PHP?



    Quote:

    Originally posted by Willoughby

    Worst case scenario, you can use Yahoo's secure shopping cart through their site.



    Your biggest expense is going to be the secure certificate. Those range from $350 to near $1000 depending on the level of encryption you want (40bit - 128bit). But I believe if you use a site like Yahoo, you don't have to get a certificate because you'll be using Yahoo's.




    $1000? Annual, or one time fee? That number doesn't scare me if it isn't annual, and if it is, then I'd just have to be a little more diligent with the business. That's only a good thing (although paying every year isn't great.)
  • Reply 15 of 17
    We're building a new storefront for a client in JSP, and the client has a brick and mortar storefront where they use a machine to process their CC transactions. So what the shopping cart software we're writing will do is securely forward the order and CC information to the brick and mortar location and then someone manually inputs the CC information. You might be surprised at the sites online that do this.



    If you have a business account with your bank, ask your banker about processing credit cards for your business. I recently went to open a second business account at my bank and they asked me about accepting CC transactions again. They would be able to give you a better idea as to costs as well.
  • Reply 16 of 17
    bunge Posts: 7,329 member
    LoCash,



    My only fear is that my site would be (hopefully) low cost products with high volume purchases. So, that would mean a LOT of manual transfers. Worth it? Maybe, if the infrastructure needed to automate the process is cost prohibitive.



    I'll look into the bank fees though, because I'll eventually need to weigh that vs. an automated system.



    Again, thanks. It's stories like these that are going to help me avoid some potentially drastic mistakes.
  • Reply 17 of 17
    Quote:

    Originally posted by bunge



    And this can be done with PHP?





    Yes!



    Quote:



    $1000? Annual, or one time fee? That number doesn't scare me if it isn't annual, and if it is, then I'd just have to be a little more diligent with the business. That's only a good thing (although paying every year isn't great.)




    It is annually



    However, if you pay for 2 years or more upfront you get a discount.