I am upgrading a client's ecommerce webstore and have hit a little bit of trouble.
The store is a custom-built set of PHP scripts. On each sale, the credit card is charged through the merchant account interface, and then the order is e-mailed to the client's desktop inbox. However, as the company grows, this has become impossible, because the customer spends most of his time filing the e-mailed order confirmations.
I wanted to set up a database on the web server and modify the PHP store script to store each sale in the database. The customer would then log into an SSL extranet portal with the browser and look at the sales securely, fed from the database on the same web server.
But the customer said that he did not want this, because he does not want the customer data on the web server, even if the credit card information is not stored: only the names, e-mail addresses and the purchased items. He would like the data stored on the server in his office, which is only connected to the intranet and does not have external access.
Currently the intranet server that stores the data can not be accessed from the outside, and therefore can not be accessed from the web server that operates the sales process.
Is this ideal for keeping sales data on the web server? How do the mother-in-law companies do this? Do they have their customer data in a database on the web server?
If the customer's request is viable, then what is the standard accepted approach to having the sale processed automatically, not only e-mailed, and delivered from the sales web server to the intranet machine? Does the intranet machine need to log on to the web server and "grab" the sale from a temporary table on the web server? Does the web server have a custom service that connects to the intranet server, feeds it the recent sales, and then deletes those sales records from the web server?
Actually, what is the standard way of getting sales data from the public web server machine to the intranet machine? Or am I not seeing this issue correctly?
I am sorry to say that your question seems a little flawed. I do not want client data on the web server, but this does not mean that it should be on the intranet. Why not have a dedicated machine that will only accept connections from your web server and your intranet? Both types of connections should be encrypted, of course.
I think it all depends on what your client wants and does not want. But it should be easy to make it clear that there should be a way to get customer data where he wants it. I certainly would not suggest e-mail as a means of transport.
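
The "grab from a temporary table, then delete" approach raised in the question, sketched as an added example that is not part of the original posts. Two in-memory SQLite databases stand in for the web server and the intranet server; the table names, field names and helper functions are assumptions, and in a deployment the intranet machine would open the encrypted connection outbound so the office network accepts nothing inbound.

```python
import json
import sqlite3

REQUIRED = {"name": str, "email": str, "items": list}  # assumed sale fields (no card data)

def make_dbs():
    """Two in-memory databases standing in for the web server and the intranet server."""
    web = sqlite3.connect(":memory:")
    web.execute("CREATE TABLE staged_sales (order_id INTEGER PRIMARY KEY, body TEXT)")
    intranet = sqlite3.connect(":memory:")
    intranet.execute("CREATE TABLE sales (order_id INTEGER PRIMARY KEY, body TEXT)")
    return web, intranet

def stage_sale(web, order_id, body):
    """Web server side: the store script parks the sale in the temporary table."""
    web.execute("INSERT INTO staged_sales VALUES (?, ?)", (order_id, body))
    web.commit()

def valid(body):
    """The web server is the less trusted side, so check the shape of every record."""
    try:
        sale = json.loads(body)
    except ValueError:
        return False
    return (isinstance(sale, dict) and set(sale) == set(REQUIRED)
            and all(isinstance(sale[k], t) for k, t in REQUIRED.items()))

def pull_sales(web, intranet):
    """Intranet side: fetch, validate, store, and only then delete from the web server."""
    imported = []
    rows = web.execute("SELECT order_id, body FROM staged_sales ORDER BY order_id").fetchall()
    for order_id, body in rows:
        if not valid(body):
            continue  # malformed record: leave it staged for manual review
        # OR IGNORE makes a re-run after a crash harmless (no duplicate sales)
        intranet.execute("INSERT OR IGNORE INTO sales VALUES (?, ?)", (order_id, body))
        imported.append(order_id)
    intranet.commit()  # durable on the intranet before anything is purged
    web.executemany("DELETE FROM staged_sales WHERE order_id = ?", [(i,) for i in imported])
    web.commit()
    return imported

def count(db, table):
    """Row count helper used to inspect either database."""
    return db.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
```

Run on a schedule from the intranet side, this keeps customer records on the public web server only for the interval between pulls.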