Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Splitting backend/frontend across servers


wastrel

Recommended Posts

So, I've seen it said elsewhere on this forum that the developers are aiming to make a complete e-commerce solution. That said, why aren't the front end (store) and the backend (customer and product database) separate?

 

Basically, it seems that putting all information about both customers and products on the public Web server runs the risk of having some sensitive customer information leaked. Especially in this era of many virtual Web servers running on hosted boxes.

 

So why not split the functionality. The store and all the data needed for the store can be on the public Web server and an expanded administrative suite can be on a backend server. On a daily basis you can sync the databases between the two servers.

 

Customer information to be left on the public storefront could be encrypted using the customer's password, while information to be exported (and thus, temporarily on the public Web server) could be encrypted using a public key. The private key could decrypt that data once synched with the internal system and then the data could be deleted from the public system.

 

This architecture would hopefully result in the public server having non-sensitive data. Customer-specific data would be encrypted with the customer's password, so if it is broken, that could be blamed on the customer's poor selection of password. Meanwhile, sensitive information (if any) could be centrally stored in an internal company site, leading to better protection.

 

In some ways, this is similar to staging, but not exactly.

 

Any comments?

 

-R

 

I am only starting to review the OSC source code, so I'm not sure if those features are in there, but after previewing MS2, they don't seem to be.

Link to comment
Share on other sites

Holy crap! There's enough questions from newbs now like "How do I change the text on the front page of my site?" Imagine how bad it would get if your suggestion was implemented? :o

 

OSC is meant to be a solution for web heads and newbies alike. Your idea isn't very newbie friendly IMHO and would lead to chaos. :unsure:

Link to comment
Share on other sites

Its a good idea to split where the data is kept and encrypt anything on the server for security/privacy issues, however I dont think its a viable option for oscommerce until php has native support for encryption without the use of extensions.

Perdure - Transparent Object Relational Persistence
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...