Once we have entered the username and password, we need to click on the Next
Step button.
Now that we have a database and a database user, we need to grant permissions for
that user to be able to manage the database. Let's check the ALL PRIVILEGES check
box and click on the Next Step button again.
Exporting our local database
As we now have a database set up on the server, we need to get a copy of our
local database, which we will import into this. To do this, we need to navigate to
phpMyAdmin in our development environment (http://localhost/phpmyadmin/),
select the database, and then click on the Export tab.
From here, we then tick the Save as file box, and click on Go.
This generates an export file of the database for us to use elsewhere.
Importing the local database to the hosting account
From within phpMyAdmin, we need to select the Import tab so that we can import
the database.
We can browse from here to the database file on our computer, using the Choose
File button, and then click on the Go button at the bottom of the page to import the
database to the hosting account.
We now have our database set up on our hosting account.
Uploading our store
To upload the website files from our development environment to our production
environment, we can use an FTP client. One such example of an FTP client is
FileZilla, a free FTP client available for download.
Within FileZilla, we simply enter the web address of the site, and our FTP username
and password, and then click on Quickconnect.
Once the FTP client is connected, we simply drag the files from the relevant folder on
our development environment in the Local site pane on the left to the relevant folder
within the Remote site pane on the right. Commonly, the folder on the server would
be either public_html or htdocs, and files within these folders are generally made
accessible to the public through a web browser.
Settings
Finally, we need to modify some settings, which involves:
• Editing the configuration file to include the database connection details for
  our production environment
• Uploading this configuration file onto the server, telling the production site
  to use that database
• Changing any aspects of the settings table in the database that references
  our development environment, such as the URL of the site or the path for
  file uploads
Automated deployment
Automated deployment makes it very easy to deploy code into a production
environment. The exact setup of this is beyond the scope of this book, but let's
discuss briefly what would be involved in this process:
1. We would make use of version control to store our code.
2. Copies of relevant configuration files would be within the version control,
   with references to production settings.
3. We would have a script on our production server, which:
   • Checked the code out of version control
   • Moved it into a web accessible environment
   • Removed the development configuration files, and renamed the deployment
     configuration files
   • Made any necessary changes to file permissions
This is a topic I've discussed in more detail on my personal blog
(http://www.michaelpeacock.co.uk/blog/entry/svn-deploy-script), which may be of
interest if you are considering pursuing an automated deployment system.
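The steps listed above, sketched as a shell script. This is an added example, not the script from the author's blog; the Subversion repository, the config.php / config.production.php naming, the permission modes and the use of a symlink as the web root are all assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed names: config.php holds
# development settings, config.production.php holds production settings.
set -eu

# fetch_code REPO_URL DEST: check the code out of version control.
# "svn export" writes a clean tree without .svn metadata.
fetch_code() {
    svn export --quiet "$1" "$2"
}

# stage_release SRC RELEASE: prepare a checked-out tree for serving.
stage_release() {
    src=$1
    target=$2
    # Refuse to continue without production settings; otherwise the live
    # site would run on development credentials or with no config at all.
    if [ ! -f "$src/config.production.php" ]; then
        echo "missing config.production.php in $src" >&2
        return 1
    fi
    mkdir -p "$target"
    cp -R "$src"/. "$target"/
    # Version-control metadata must never sit under the web root.
    find "$target" \( -name .svn -o -name .git \) -prune -exec rm -rf {} +
    # Drop the development config and promote the production one.
    rm -f "$target/config.php"
    mv "$target/config.production.php" "$target/config.php"
    # Owner-writable only. The config holds the database password, so it
    # is not world-readable (assumes the web server reads it via its group).
    find "$target" -type d -exec chmod 755 {} +
    find "$target" -type f -exec chmod 644 {} +
    chmod 640 "$target/config.php"
}

# activate_release RELEASE WEB_LINK: repoint the web root symlink.
activate_release() {
    ln -sfn "$1" "$2"
}

# Usage: deploy.sh REPO_URL RELEASES_DIR WEB_LINK
if [ "$#" -eq 3 ]; then
    work=$(mktemp -d)
    fetch_code "$1" "$work/src"
    release="$2/$(date +%Y%m%d%H%M%S)"
    stage_release "$work/src" "$release"
    activate_release "$release" "$3"
    rm -rf "$work"
fi
```

Each deployment lands in its own timestamped directory, so rolling back is a matter of pointing the symlink at the previous release.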
Security is a very important aspect with any website, but especially so with
e-commerce websites. Let's look into how we can ensure our site and our
customers' data can be kept secure.
Server security
The security of the server itself is one aspect of security that needs consideration.
This can be broken down into two primary areas:
• Server software
• Firewall and network traffic
Software
Almost all software contains security vulnerabilities; once a vulnerability has been
discovered, it is important to ensure that the software is upgraded or patched to
prevent malicious users from exploiting these vulnerabilities. With managed hosting,
we don't need to concern ourselves with server-installed software, as our hosting
provider should keep that up to date. However, if we want to concern ourselves
with the software on our server (and check our provider is up to date), or if we are
operating on unmanaged virtual or dedicated servers, we need to keep updated on
security developments with:
• PHP
• MySQL
• Apache
• The FTP server software
• The SSH server-side software
This could be done by subscribing to any mailing lists found on the sites for
those projects.
Any other software we install, such as bulletin board systems, chat rooms, and so on,
also needs to be regularly checked for available upgrades and security updates.
Securing the site with a firewall
Software and hardware firewalls can help protect our website from attack; these
generally work by blocking access to certain parts of the server from certain
computers (for example, allow anyone to access the website stored on the server,
except users we explicitly banned, but disallow anyone from accessing services such
as FTP or SSH unless explicitly permitted). Most web hosts can advise on their firewall
setup, and documentation is available for firewalls that can be used on virtual and
dedicated servers.
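The policy in the parenthesis above, written out as a small generator for an iptables ruleset. This is an added example, not from the original text; iptables as the firewall, the port numbers and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the policy described
# above. Addresses are constructed documentation-range values (RFC 5737).
set -eu

# emit_rules "BANNED_IPS" "PERMITTED_IPS" (space-separated lists)
emit_rules() {
    banned=$1
    permitted=$2
    echo '*filter'
    # Default deny: anything not matched below is dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Bans come first, so a banned host never reaches the web rule.
    for ip in $banned; do
        echo "-A INPUT -s $ip -j DROP"
    done
    # The website is open to everyone else.
    echo '-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT'
    # FTP and SSH only from explicitly permitted addresses. FTP data
    # connections need extra handling (conntrack helper or a passive
    # port range), which this sketch leaves out.
    for ip in $permitted; do
        echo "-A INPUT -s $ip -p tcp -m multiport --dports 21,22 -j ACCEPT"
    done
    echo 'COMMIT'
}

# Print a sample ruleset; after review it can be loaded as root with
# iptables-restore.
emit_rules "198.51.100.7" "203.0.113.10"
```

Rule order carries the policy: iptables stops at the first match, so placing the ban before the web rule is what makes "except users we explicitly banned" hold.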
Passwords
As a website owner or administrator of a site, our passwords can provide access
to the administration area of the website. Our hosting account password also
gives complete access to our website, including areas that are not related to our
e-commerce system, such as databases, e-mail, and statistics, so it is important
that we use secure passwords.
Passwords that are not secure can be obtained by users guessing them, by automated
dictionary attacks where a computer goes through a list of words trying them
as the password, or by social engineering.
Strong passwords are one of the easiest ways to prevent user accounts from being
compromised, or guessed by dictionary or social engineering attacks. These attacks
involve either going through a list of common passwords until the system logs the
hacker in, or researching the user and trying to guess passwords based on memorable
information, such as dates of birth, names of friends and family, and so on. Some
suggestions for making a strong password are as follows:
• Use both letters and numbers
• Make use of special characters, such as @, /, \, #, *, &, and so on
• Make all of your passwords unique; otherwise, if someone guesses your
  administrator password, they may be able to gain access to your personal
  e-mail, other websites you are a member of, and so on if the passwords are
  all the same
• Include spelling mistakes to make the word harder to guess
• Don't include personal information such as dates of birth, names of family,
  and so on
• Consider using numbers in place of some letters