Deploying, Security, and Maintenance

Once we have entered the username and password, we need to click on the Next Step button.

Now that we have a database and a database user, we need to grant permissions for that user to be able to manage the database. Let's check the ALL PRIVILEGES check box and click on the Next Step button again.

Exporting our local database

As we now have a database set up on the server, we need to get a copy of our local database, which we will import into this. To do this, we need to navigate to phpMyAdmin in our development environment (http://localhost/phpmyadmin/), select the database, and then click on the Export tab.

This material is copyright and is licensed for the sole use by jackie tracey on 23rd February 2010 953 Quincy Drive, , Brick, , 08724

Chapter 14

From here, we then tick the Save as file box, and click on Go. This generates an export file of the database for us to use elsewhere.

Importing the local database to the hosting account

From within phpMyAdmin, we need to select the Import tab so that we can import the database. We can browse from here to the database file on our computer, using the Choose File button, and then click on the Go button at the bottom of the page to import the database to the hosting account.

We now have our database set up on our hosting account.

Uploading our store

To upload the website files from our development environment to our production environment, we can use an FTP client. One such example of an FTP client is FileZilla, a free FTP client available for download.

Within FileZilla, we simply enter the web address of the site, and our FTP username and password, and then click on Quickconnect.
Once the FTP client is connected, we simply drag the files from the relevant folder on our development environment in the Local site pane on the left to the relevant folder within the Remote site pane on the right. Commonly, the folder on the server would be either public_html or htdocs, and files within these folders are generally made accessible to the public through a web browser.

Settings

Finally, we need to modify some settings, which involves:

• Editing the configuration file to include the database connection details for our production environment
• Uploading this configuration file onto the server, telling the production site to use that database
• Changing any aspects of the settings table in the database that reference our development environment, such as the URL of the site or the path for file uploads

Automated deployment

Automated deployment makes it very easy to deploy code into a production environment. The exact setup of this is beyond the scope of this book, but let's discuss briefly what would be involved in this process:

1. We would make use of version control to store our code.
2. Copies of relevant configuration files would be within the version control, with references to production settings.
3. We would have a script on our production server, which:
   • Checked the code out of version control
   • Moved it into a web accessible environment
   • Removed the development configuration files, and renamed the deployment configuration files
   • Made any necessary changes to file permissions

This is a topic I've discussed in more detail on my personal blog (http://www.michaelpeacock.co.uk/blog/entry/svn-deploy-script), which may be of interest if you are pursuing an automated deployment system.
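The deployment steps listed above can be sketched as a shell function. This is an added example, not the script from the book or the author's blog; the file names config.dev.php, config.production.php and config.php are hypothetical, and it assumes PHP runs as the file owner or a member of its group.

```shell
#!/bin/sh
# Added example: deploy an exported working copy into the web root.
# Hypothetical names: config.dev.php, config.production.php, config.php.

deploy_release() {
    src=$1      # fresh export from version control, e.g. `svn export URL "$src"`
    webroot=$2  # web-accessible directory such as public_html or htdocs

    [ -d "$src" ] || { echo "missing source: $src" >&2; return 1; }
    [ -f "$src/config.production.php" ] || {
        echo "no production config in export" >&2; return 1; }

    # Stage beside the web root so going live is a rename, not a slow copy
    # that could expose a half-deployed site.
    stage="$webroot.new.$$"
    rm -rf "$stage"
    cp -R "$src" "$stage" || return 1

    # Version-control metadata must never end up web accessible.
    find "$stage" -type d \( -name .svn -o -name .git \) -prune \
        -exec rm -rf {} +

    # Remove the development configuration, rename the deployment one.
    rm -f "$stage/config.dev.php"
    mv "$stage/config.production.php" "$stage/config.php" || return 1

    # Nothing is world-writable; the file holding the database password
    # is not world-readable (assumes PHP runs as owner or group).
    find "$stage" -type d -exec chmod 755 {} +
    find "$stage" -type f -exec chmod 644 {} +
    chmod 640 "$stage/config.php"

    # Keep the previous release for rollback, then switch.
    if [ -d "$webroot" ]; then
        rm -rf "$webroot.old"
        mv "$webroot" "$webroot.old" || return 1
    fi
    mv "$stage" "$webroot"
}
```

Because the function refuses to run when the export has no production configuration, a bad checkout never replaces the live site.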
Security

Security is a very important aspect of any website, but especially so with e-commerce websites. Let's look into how we can ensure our site and our customers' data can be kept secure.

Server security

The security of the server itself is one aspect of security that needs consideration. This can be broken down into two primary areas:

• Server software
• Firewall and network traffic

Software

Almost all software contains security vulnerabilities; once a vulnerability has been discovered, it is important to ensure that the software is upgraded or patched to prevent malicious users from exploiting these vulnerabilities. With managed hosting, we don't need to concern ourselves with server-installed software, as our hosting provider should keep that up to date. However, if we want to concern ourselves with the software on our server (and check our provider is up to date), or if we are operating on unmanaged virtual or dedicated servers, we need to keep updated on security developments with:

• PHP
• MySQL
• Apache
• The FTP server software
• The SSH server-side software

This could be done by subscribing to any mailing lists found on the sites for those projects.

Any other software we install, such as bulletin board systems, chat rooms, and so on, also needs to be regularly checked for available upgrades and security updates.

Securing the site with a firewall

Software and hardware firewalls can help protect our website from attack; these generally work by blocking access to certain parts of the server from certain computers (for example, allow anyone to access the website stored on the server, except users we explicitly banned, but disallow anyone to access aspects such as FTP or SSH unless explicitly permitted).

Most web hosts can advise on their firewall setup, and documentation is available for firewalls that can be used on virtual and dedicated servers.

Passwords

As a website owner or administrator of a site, our passwords can provide access to the administration area of the website. Our hosting account password also gives complete access to our website, including areas that are not related to our e-commerce system, such as databases, e-mail, and statistics, so it is important that we use secure passwords.

Passwords that are not secure can be obtained by users' guessing, by automated dictionary attacks where a computer goes through a list of words trying them as the password, or by social engineering.

Strong passwords are one of the easiest ways to prevent user accounts from being compromised, or guessed by dictionary or social engineering attacks. These attacks involve either going through a list of common passwords until the system logs the hacker in, or researching the user and trying to guess passwords based on memorable information, such as dates of birth, names of friends and family, and so on.
Some suggestions for making a strong password are as follows:

• Use both letters and numbers
• Make use of special characters, such as @, /, \, #, *, &, and so on
• Make all of your passwords unique; otherwise, if someone guesses your administrator password, they may be able to gain access to your personal e-mail, other websites you are a member of, and so on if the passwords are all the same
• Include spelling mistakes to make the word harder to guess
• Don't include personal information such as dates of birth, names of family, and so on
• Consider using numbers in place of some letters
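The policy described under "Securing the site with a firewall" (website open to everyone except banned users, FTP and SSH only for explicitly permitted computers) can be written as an iptables rule set. This is an added example, not taken from the book; the function names are hypothetical, the addresses are constructed documentation ranges, and passive-mode FTP data ports are not covered.

```shell
#!/bin/sh
# Added example: print an iptables-restore rule set for the firewall
# policy described in the text. Addresses are constructed (RFC 5737).

# Accept only IPv4 addresses or CIDR blocks (digits, dots, one slash form),
# so a malformed entry cannot smuggle extra rule text into the output.
valid_source() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

emit_firewall_rules() {
    banned=$1   # space-separated sources refused everything, website included
    admins=$2   # space-separated sources explicitly permitted to use FTP/SSH

    for ip in $banned $admins; do
        valid_source "$ip" || { echo "bad source: $ip" >&2; return 1; }
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default deny: unlisted traffic is dropped
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'

    # Bans come first so they win over every later ACCEPT rule.
    for ip in $banned; do
        echo "-A INPUT -s $ip -j DROP"
    done

    # Replies to connections that were already allowed.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'

    # The website is open to anyone who is not banned.
    echo '-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT'

    # FTP (21) and SSH (22) only from explicitly permitted sources.
    for ip in $admins; do
        echo "-A INPUT -s $ip -p tcp -m multiport --dports 21,22 -j ACCEPT"
    done
    echo 'COMMIT'
}
```

Piping the output to `iptables-restore --test` parses the rule set without applying it, which is a safe way to check it before committing on a remote server.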