  1. #1
    Just Joined!
    Join Date
    Nov 2007
    Posts
    2

    E-commerce Server Security


    I am new to Linux and have been reading a lot of the articles and threads on this site for the last month and still feel a bit uncomfortable using Linux without a GUI. Now I will most likely hire someone to help me with this to make sure it is done right in the first place, but I am pretty good with computers and would like to learn as much as I can on my own. So for a bit, your opinions please.

    I am setting up an ecommerce site for my business and want to house the server in my office instead of using a hosting service. I want to keep costs down and I hear Linux/Unix is the best security match up for Apache.

    What sort of security do I need for my ecommerce site?

    Do I need a proxy, or can I use a normal router?
    Will the Certificates be enough to protect the site? (eg. Verisign, hackersafe)
    What is the most secure Linux Distro?

    I was thinking of doing the site in PHP/MySQL or C Sharp. I want to make use of forums and blogs within the site as well so I am leaning more towards PHP but I heard it is also easier to hack.

    Any feedback is appreciated.

    Thank you.

  2. #2
    Linux Engineer RobinVossen
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    PHP is better than C#.
    C# is really unuseful. It's an MS language.
    I don't think you can run that in Linux.

    Anyhow, well, Linux is secure as it is.
    You might want to use Debian. And if you really need a GUI, install kdrive + OpenBox..

    Well, if you want this box to be secure you have to do the following things:
    - Install iptables and make clever rules
    - Install a HIDS and monitor it
    - Install rkhunter as a cron job
    - Install a NIDS if more people use the same network
    - Use OpenSSL.
    - Log all the traffic going in and out, and scan every now and then.
    - Back up the MySQL database every day
    - Update every day.

    If you code well in PHP, you filter out MySQL injections and XSS.
    Don't add stuff on the page where the user can send stuff to the server that isn't needed (e.g. a guestbook).
    Deform the password and username before parsing it to the MySQL so affect MySQL exploits..

    Listen to/read the Security Now bit about XSS and MySQL injections (you have to Google for Security Now).
    The security system they offer (as it is their sponsor) is not needed. Don't order it.

    Cheers,
    Robin
    New Users, please read this..
    Google first, then ask..
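
The firewall and logging items in the list above, sketched as a default-deny ruleset (an added example, not part of the original post). The admin network 192.0.2.0/24 is a placeholder, and the example assumes a single host serving HTTP/HTTPS with MySQL reachable only from the host itself.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a single web server.
# web_ruleset and the default admin network are illustrative assumptions.

# web_ruleset [ADMIN_CIDR]: emit the ruleset; SSH is allowed only from ADMIN_CIDR.
web_ruleset() {
    admin_net="${1:-192.0.2.0/24}"   # placeholder documentation range
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -s ${admin_net} --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A INPUT -m limit --limit 10/minute -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# The MySQL port (3306) is deliberately absent: the database listens on
# localhost only, so nothing outside the host needs to reach it.
# Review the output, then load it as root with:
#   web_ruleset 192.0.2.0/24 | iptables-restore
web_ruleset "$@"
```

Everything not matched falls through to the INPUT policy of DROP; the rate-limited LOG rule records a sample of what was dropped without letting a flood fill the disk.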

  3. #3
    Super Moderator Roxoff
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,890
    Originally posted by RobinVossen:
        PHP is better than C#.
        C# is really unuseful. It's an MS language.
        I don't think you can run that in Linux.

    Sorry Robin, I don't like doing this, but I have to pick you up on this point before everyone thinks we're just plain anti-Microsoft here.

    C# is a fully standardised language, and was so before Java (I don't even know if Java is yet). Just because it was created by Microsoft doesn't mean it's bad - it was designed to run on the .net platform.

    And yes, you can run this language on Linux. Take a look at the Mono project C# compiler pages, here.

    C# and .NET/Mono is one of the most interesting developments in computing over the last 20 years - suddenly the kings of 'embrace and extend', i.e. Microsoft, have given away the chance to 'embrace and extend' their own language and platform. It's possible now to ship the same .net executables for use on both Windows and Linux (with limitations, of course).

    P.S. I know next to nothing about the ecommerce security, and I know nothing of whether C# is better or worse than PHP for these kinds of applications.
    Linux user #126863 - see http://linuxcounter.net/

  4. #4
    Linux Engineer RobinVossen
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    I am not bashing MS here.
    I just really don't like C#. I am coding it for school and, well, it just stinks..
    I knew about Mono, but I thought it was slightly different, just as Gambas is to VB.

    But well I just really hate C#..

  5. #5
    Linux Engineer jledhead
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    If you are really paranoid about security (and I would be for ecommerce), familiarize yourself with tools like AIDE or Tripwire, and get to know Nessus. These can all be found through Google. Nessus will help you find holes before others do, and AIDE and Tripwire (don't use together) will help let you know if others have found holes.

    As far as OS, I would say if you have one you are already familiar with, use that. The same tools work on all flavors, so you don't want to have to learn a new distro on top of all of this.

    And to take it a step further, if you have 2 machines you can use, you could use something like pound, or pen, or haproxy, and reverse proxy your traffic to your machine; this way your machine isn't directly connected to the net.
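
The baseline-and-compare idea behind AIDE and Tripwire mentioned in the post above, as an added example that is not part of the original thread and not a substitute for those tools. The function names and the sample web root are constructed for illustration.

```shell
#!/bin/sh
# Added example: file-integrity checking by baseline and compare.
# Function names and the demo web root are constructed for illustration.

# make_baseline DIR: print "sha256  ./path" for every regular file under DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# compare_baseline OLD NEW: report files that differ between two baselines.
# The path starts at column 67 (64 hex digits plus two separator characters),
# so file names containing spaces are handled.
compare_baseline() {
    awk '
        { path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = $1; next }
        { seen[path] = 1
          if (!(path in old)) print "ADDED", path
          else if (old[path] != $1) print "CHANGED", path }
        END { for (p in old) if (!(p in seen)) print "REMOVED", p }
    ' "$1" "$2" | sort
}

# demo: build a small constructed web root, take a baseline, alter it, compare.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/www"
    echo '<?php echo "shop"; ?>' > "$root/www/index.php"
    echo 'body { margin: 0 }'    > "$root/www/site.css"
    make_baseline "$root/www" > "$root/baseline"   # keep this off the server

    echo '<?php /* modified */ ?>' > "$root/www/index.php"
    echo 'placeholder'             > "$root/www/new.php"
    rm "$root/www/site.css"

    make_baseline "$root/www" > "$root/current"
    compare_baseline "$root/baseline" "$root/current"
    rm -rf "$root"
}

demo
```

The comparison is only as trustworthy as the stored baseline, so keep it on read-only media or another machine where someone who has changed the web root cannot also rewrite it.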