Chapter 14 [ 283 ]

SSL/TLS

Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communications on the Internet: data transferred between the client and the server is encrypted before it is sent over the connection. Standard web page requests do not use SSL, and data sent from the browser to the server travels in plain text, which could in principle be intercepted and read by third parties. SSL connections encrypt this data, preventing it from being read by any person or program other than the server. There is a detailed article on Wikipedia about Transport Layer Security (TLS), how it works, and the technicalities involved: http://en.wikipedia.org/wiki/Secure_Sockets_Layer.

To set this up, we need to purchase and install an SSL certificate. SSL certificates verify the identity of the server and are used when encrypting the data sent to and from it. The cost of a certificate is usually determined by the company that "signs" it; this usually involves a trusted company verifying our identity and then issuing the certificate. Once we have a certificate, we need to contact our host to get it set up on the hosting account. This requires a dedicated IP address for the site we are using SSL for, which generally incurs additional charges.

Using an SSL certificate to secure connections to the website is a good idea; however, the costs and effort involved in setting it up need to be weighed.

CAPTCHA

Spam is increasingly common on the Internet. One way to reduce its effect on website owners is to implement CAPTCHA challenges: tests that can normally only be completed by a human and not a computer, preventing automated bots from registering on websites, placing orders, and populating our site's database. These challenges generally involve something such as entering the text shown in an image, which a computer cannot easily recognize.
The use of these tests can sometimes be off-putting to users, so they should be used sparingly. We will look at integrating CAPTCHA challenges in the appendices.

Maintenance

The final section is maintaining our site; the most important aspect of this is backing up and restoring it.

This material is copyright and is licensed for the sole use by jackie tracey on 23rd February 2010 953 Quincy Drive, , Brick, , 08724

Deploying, Security, and Maintenance [ 284 ]

Backing up and restoring

It is important that we take regular backups of our sites, in case something were to happen to the website, its hosting account, or even the server the website is stored on. If we were to lose several weeks' worth of new product additions, new customer sign-ups, or new orders, this could do serious damage to our reputation as developers and to the reputation of the business or site in question. Automated nightly backups should be set up eventually; most hosting providers also have backup procedures in place, so it is worth investigating what provisions are already there.

With many non-e-commerce sites, if we lost a week's worth of data, the only negative effect would be on our time (for any changes made in that past week) or on some contributions from a community. With a business e-commerce site, we could lose order data. If this was for a customer who had paid for their order, we would know nothing about the order and so could not fulfill it, leaving us with angry customers.

Using cPanel

Let's use cPanel, the popular web hosting control panel, to back up and restore our site. This section assumes a hosting account with cPanel installed.

Backing up the site and database

Within the main cPanel interface, in the Files section, there is a link to the Backups area.
We can download a copy of our Home Directory (all of the files and most of our settings), and also a copy of the database, from this section. Simply clicking on the relevant backup buttons will prompt us to download the backup files from the server. It is essential that we keep these files stored somewhere safe and secure.

Restoring the site and database

To restore from a backup, we need to ensure we are logged into cPanel, and then click on the Backups button to go to the backups section, as we did when backing up the site. On the right-hand side of this screen are the options to Restore a Home Directory Backup and to Restore a MySQL Database. To restore from the backups, all we need to do is browse for the file we wish to restore from, and then click on Upload. When restoring, any existing database or home directory content will be removed, so only do this if you really need to. If you need to gain access to a specific file that you need to back up, decompress the home directory backup, look for the file, and upload it to your site using an FTP client.

Using the command line (SSH)

Assuming we have shell access to our server, we can connect to it and issue simple commands to back up and restore our site. Programs such as PuTTY allow us to connect to our web hosting server using SSH.

Backing up the site

Once connected to the server through SSH, we need to navigate to the location of our site:
cd /home/junipert/

Then we can compress the public_html folder into a single file, using:

tar -cvzf backup.tar.gz public_html

With the folder compressed, we need to move the archive into the public_html folder, so that we can download it by visiting oursite.com/backup.tar.gz:

mv backup.tar.gz public_html/backup.tar.gz

Restoring the site

Assuming we have uploaded the tar.gz file to our server, we can decompress it with the following command:

tar -xvzf backup.tar.gz

Backing up the database

The following command exports our database to a web-accessible location on our server, where we can download it using a web browser:

mysqldump -u username -p databasename > /home/junipert/public_html/backup.sql

After executing this command, we will be prompted for our password; then we can download the file from our browser.

Restoring the database

Assuming we have uploaded the SQL file to our server, we can import it with the following command:

mysql -u username -p databasename < /home/junipert/backup.sql

Summary

In this chapter, we looked at the importance of security for our site, and had a primer on SSL, CAPTCHA, password security, and software security. We deployed our website from our development environment to a production environment. We also looked at how we can back up and restore our site on a regular basis, to ensure we are covered in case something were to go wrong.
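The command-line backup and restore steps from the SSH section, reworked as an added example script that is not the book's own code: it keeps the archive and the database dump in a backups directory outside public_html (so they are not fetchable by URL the way oursite.com/backup.tar.gz is), creates them readable by the owner only, and records a SHA-256 manifest that is checked before anything is restored. The /home/junipert layout is the chapter's; the backups directory, the ~/.my.cnf credentials read by mysqldump and mysql, and the constructed sample site are assumptions.

```shell
#!/bin/sh
# Added example (not the book's commands): back up the site directory and database to a
# folder OUTSIDE the web root, with owner-only permissions and a SHA-256 manifest that is
# checked before any restore. Paths follow the chapter (/home/junipert/public_html); the
# backups/ directory and ~/.my.cnf credentials for mysqldump/mysql are assumptions.

backup_site() {   # backup_site SITE_HOME BACKUP_DIR DB_NAME  -> prints the backup stamp
    site_home=$1    # e.g. /home/junipert
    backup_dir=$2   # e.g. /home/junipert/backups; must not be under public_html
    db_name=$3      # database to dump; pass "" to back up files only
    case "$backup_dir" in
        "$site_home/public_html"|"$site_home/public_html/"*)
            echo "refusing to write backups inside the web root" >&2; return 1 ;;
    esac
    stamp=$(date +%Y%m%d-%H%M%S)
    umask 077                                   # new files are readable by the owner only
    mkdir -p "$backup_dir" || return 1
    tar -czf "$backup_dir/site-$stamp.tar.gz" -C "$site_home" public_html || return 1
    if [ -n "$db_name" ]; then
        # --single-transaction: consistent snapshot without locking InnoDB tables
        mysqldump --single-transaction "$db_name" > "$backup_dir/db-$stamp.sql" || return 1
        gzip "$backup_dir/db-$stamp.sql" || return 1
    fi
    ( cd "$backup_dir" && sha256sum ./*-"$stamp".* > "$stamp.sha256" ) || return 1
    echo "$stamp"
}

verify_backup() {   # verify_backup BACKUP_DIR STAMP
    ( cd "$1" && sha256sum -c --quiet "$2.sha256" )
}

restore_site() {    # restore_site BACKUP_DIR STAMP SITE_HOME [DB_NAME]
    verify_backup "$1" "$2" || { echo "checksum mismatch, not restoring" >&2; return 1; }
    mkdir -p "$3" && tar -xzf "$1/site-$2.tar.gz" -C "$3" || return 1
    [ -z "$4" ] || gunzip -c "$1/db-$2.sql.gz" | mysql "$4"
}

make_sample_site() {   # constructed stand-in for /home/junipert, used by the demo below
    d=$(mktemp -d) && mkdir -p "$d/public_html" &&
        echo '<p>sample page</p>' > "$d/public_html/index.html" && echo "$d"
}

# Demo on the constructed sample; on the real host: backup_site /home/junipert /home/junipert/backups dbname
demo_site=$(make_sample_site)
demo_stamp=$(backup_site "$demo_site" "$demo_site/backups" "") &&
    verify_backup "$demo_site/backups" "$demo_stamp" && echo "backup $demo_stamp verified"
```

Run it on the server as the account owner from a cron job for the nightly backups the chapter recommends; the archive is then fetched over SSH/SFTP rather than from the website.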