Overclock.net › Forums › Software, Programming and Coding › Coding and Programming › Web Coding › How much would you charge for an e commerce website?
New Posts  All Forums:Forum Nav:

How much would you charge for an e commerce website? - Page 2

post #11 of 25
The way I did my webstore (Mind you it is a start up and will prolly expand as time goes on) but for the basics. I have a store page...On that store page is an image of each item for sale. Once someone clicks on that item it brings them to another page that has a description and additional pictures of the item. Then there is a buy now button. Once they click on that buy now button it takes them to paypal where they can log in to their account and pay me.

If you search on paypals website it has a nice form so you can fill out all the information, puts it in a button for you, and then you add the button to your site. After that if you want to change any of the charges (item cost, shipping, taxes, etc.) you just have to modify the code.
The Gibson
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-6600k Gigabyte GA=Z170X MSI 980ti G.SKILL Ripjaws V Series 16GB (2 x 8GB) DDR4 2400 
Hard DriveOptical DriveCoolingOS
240GB SSD 1TB WD Black HDD 128mb cache LG Blu-Ray Burner Corsair Hydro Series H110i GT Windows 10 Pro 
MonitorKeyboardPowerCase
3011 Dell 30 inch 1600p Logitech 920 Illuminated EVGA SuperNOVA 850W 80 Plua Platinum Certified... Thermaltake Chaser Series Chaser MK-I 
Mouse
Logitech Performance MX 
  hide details  
Reply
The Gibson
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-6600k Gigabyte GA=Z170X MSI 980ti G.SKILL Ripjaws V Series 16GB (2 x 8GB) DDR4 2400 
Hard DriveOptical DriveCoolingOS
240GB SSD 1TB WD Black HDD 128mb cache LG Blu-Ray Burner Corsair Hydro Series H110i GT Windows 10 Pro 
MonitorKeyboardPowerCase
3011 Dell 30 inch 1600p Logitech 920 Illuminated EVGA SuperNOVA 850W 80 Plua Platinum Certified... Thermaltake Chaser Series Chaser MK-I 
Mouse
Logitech Performance MX 
  hide details  
Reply
post #12 of 25
I know PayPal often seems the default "go to" for e-commerce, but I'm really not convinced it's the best (it's certainly not the cheapest and nor does it have the most developer friendly APIs). I do recommend developers look into other payment providers when building online shops rather than just opting for PayPal because it's a household name.
post #13 of 25
Quote:
Originally Posted by Plan9 View Post

I know PayPal often seems the default "go to" for e-commerce, but I'm really not convinced it's the best (it's certainly not the cheapest and nor does it have the most developer friendly APIs). I do recommend developers look into other payment providers when building online shops rather than just opting for PayPal because it's a household name.

Yeah, it's quite expensive for the end client, I can only imagine how much more expensive for the business.

My main concern was how to be able to offfer secure credict card payment options.
Secure, trusty and robust.
post #14 of 25
they can also use Amazon payments now
Command Center 1
(13 items)
 
 
TV ROOM HTPC
(11 items)
 
CPUCPUMotherboardGraphics
E5-2670 v1 E5-2670 v1  ASRock Rack EP2C602 Dual LGA2011/ Intel C602/ ... EVGA GeForce GTX 1070 SC GAMING ACX 3.0 Black E... 
RAMCoolingCoolingOS
64GB Samsung ECC 1333mhz Ram Coolermaster Hyper 212 Evo Coolermaster Hyper 212 Evo Windows 10 Pro 
MonitorPowerCase
LG 32 inch 3440 x 1440p Ultrawide Evga 1200 watt G2 Phanteks Enthoo Pro 
CPUMotherboardGraphicsRAM
I3-2100 gigabyte P67-UD3-B3 IGPU G.Skill 2x2GB 1333mhz 
Hard DriveHard DriveCoolingOS
Crucial M4 60Gb Hitachi Deskstar 2tb stock Windows 7 Home 64bit 
MonitorPowerMouse
42" Philips Lcd Corsair CX430 lian li 
  hide details  
Reply
Command Center 1
(13 items)
 
 
TV ROOM HTPC
(11 items)
 
CPUCPUMotherboardGraphics
E5-2670 v1 E5-2670 v1  ASRock Rack EP2C602 Dual LGA2011/ Intel C602/ ... EVGA GeForce GTX 1070 SC GAMING ACX 3.0 Black E... 
RAMCoolingCoolingOS
64GB Samsung ECC 1333mhz Ram Coolermaster Hyper 212 Evo Coolermaster Hyper 212 Evo Windows 10 Pro 
MonitorPowerCase
LG 32 inch 3440 x 1440p Ultrawide Evga 1200 watt G2 Phanteks Enthoo Pro 
CPUMotherboardGraphicsRAM
I3-2100 gigabyte P67-UD3-B3 IGPU G.Skill 2x2GB 1333mhz 
Hard DriveHard DriveCoolingOS
Crucial M4 60Gb Hitachi Deskstar 2tb stock Windows 7 Home 64bit 
MonitorPowerMouse
42" Philips Lcd Corsair CX430 lian li 
  hide details  
Reply
post #15 of 25
Quote:
Originally Posted by EduFurtado View Post

Yeah, it's quite expensive for the end client, I can only imagine how much more expensive for the business.

My main concern was how to be able to offfer secure credict card payment options.
Secure, trusty and robust.

Well like I said, pick a payment provide and read through their developer guides. Different payment providers offer different APIs.

Also, and as I'm sure you already know, HTTPS is a must. Just make sure that you disable SSL1 and SSL2 (only allowing SSL3 and TLS1 and above) and prefer the RC4 cypher (to avoid SSL based attacks like BEAST). But that would all be set up on the web server.
post #16 of 25
Quote:
Originally Posted by Plan9 View Post

I know PayPal often seems the default "go to" for e-commerce, but I'm really not convinced it's the best (it's certainly not the cheapest and nor does it have the most developer friendly APIs). I do recommend developers look into other payment providers when building online shops rather than just opting for PayPal because it's a household name.

I opted for Paypal in the start because it was the easiest when it came to creating the buttons and links to a checkout....Will I change to something in the future as my coding skills get better...Probably....but this works great for now.
The Gibson
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-6600k Gigabyte GA=Z170X MSI 980ti G.SKILL Ripjaws V Series 16GB (2 x 8GB) DDR4 2400 
Hard DriveOptical DriveCoolingOS
240GB SSD 1TB WD Black HDD 128mb cache LG Blu-Ray Burner Corsair Hydro Series H110i GT Windows 10 Pro 
MonitorKeyboardPowerCase
3011 Dell 30 inch 1600p Logitech 920 Illuminated EVGA SuperNOVA 850W 80 Plua Platinum Certified... Thermaltake Chaser Series Chaser MK-I 
Mouse
Logitech Performance MX 
  hide details  
Reply
The Gibson
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-6600k Gigabyte GA=Z170X MSI 980ti G.SKILL Ripjaws V Series 16GB (2 x 8GB) DDR4 2400 
Hard DriveOptical DriveCoolingOS
240GB SSD 1TB WD Black HDD 128mb cache LG Blu-Ray Burner Corsair Hydro Series H110i GT Windows 10 Pro 
MonitorKeyboardPowerCase
3011 Dell 30 inch 1600p Logitech 920 Illuminated EVGA SuperNOVA 850W 80 Plua Platinum Certified... Thermaltake Chaser Series Chaser MK-I 
Mouse
Logitech Performance MX 
  hide details  
Reply
post #17 of 25
The best Cipher to use for your SSL is ECDH (https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman)

Then fail back to RC4 or something else if it isn't supported.
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
post #18 of 25
Quote:
Originally Posted by dushan24 View Post

The best Cipher to use for your SSL is ECDH (https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman)

Then fail back to RC4 or something else if it isn't supported.

The problem with ECDHE (as OpenSSL called it for some reason) is that it's only supported in TLS1.1+, which sadly quite a number of boxes still don't support and is the case with some old browsers too.

RC4 is still secure against BEAST attacks and is supported in SSL as well as TLS. So as long as SSL 2.0 is disabled and RC4 is preferred (and obviously you're using CA certs rather than self signed) then your HTTPS connections are secure - even if you don't have TLS1.1+ and ECDHE installed (which would be the optimal solution)
post #19 of 25
Quote:
Originally Posted by Plan9 View Post

The problem with ECDHE (as OpenSSL called it for some reason) is that it's only supported in TLS1.1+, which sadly quite a number of boxes still don't support and is the case with some old browsers too.

That's true, but as I said, you can have it as your default cipher and fail back to something else if it is not supported on both ends.
Quote:
Originally Posted by Plan9 View Post

RC4 is still secure against BEAST attacks and is supported in SSL as well as TLS. So as long as SSL 2.0 is disabled and RC4 is preferred (and obviously you're using CA certs rather than self signed) then your HTTPS connections are secure - even if you don't have TLS1.1+ and ECDHE installed (which would be the optimal solution)

That's true and I agree with you. But ECDH is better. Primarily as it uses a different private key for each session, meaning that should the key be compromised and the traffic intercepted, the breach is isolated to just that session rather than all sessions for the given site.

EDIT: Basically what I'm saying is you should use TLS + ECDH by default, assume it will work in most cases and have provisions for when it does not.

That and make sure you use a good key, force SSL3 or better and use a CA Cert.
Edited by dushan24 - 6/14/13 at 6:55am
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
post #20 of 25
Quote:
Originally Posted by dushan24 View Post

That's true, but as I said, you can have it as your default cipher and fail back to something else if it is not supported on both ends.
You're still missing my point. If the server doesn't support TLS1.1+, then your httpd wouldn't work with your config. Period. Saying "you can fail back to RC4" doesn't apply because the webserver will not be running to begin with.

Don't get me wrong, I'm not trying to say that you're giving bad advice, just that you're being very assertive in stating that your config is the best solution, when in fact it depends on how the box is set up. In an ideal world, everyone would be running TLS1.2 and the latest OpenSSL libraries on their LAMP stack, but sadly that's not always the case. So people need to bare in mind that not including ECDHE in the cypher list on their httpd is absolutely fine as long as RC4 is preferred.
Quote:
Originally Posted by dushan24 View Post

That's true and I agree with you. But ECDH is better. Primarily as it uses a different private key for each session, meaning that should the key be compromised and the traffic intercepted, the breach is isolated to just that session rather than all sessions for the given site.
RC4 cannot currently be compromised so it's a moot argument.
Quote:
Originally Posted by dushan24 View Post

That and make sure you use a good key, force SSL3 or better and use a CA Cert.
You really don't want to force SSL3. That -specifically- is bad advice. The order of preference should be [TLS1.2, TLS1.1], TLS1.0 and if all else fails, SSL3. (TLS1.1 and 1.2 where host support is available)
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Web Coding
Overclock.net › Forums › Software, Programming and Coding › Coding and Programming › Web Coding › How much would you charge for an e commerce website?