Programming a safe web application

3 comments, last by Nitage 14 years, 9 months ago
I was wondering, what is the best programming language choice for programming a web application that will deal with virtual money accounts? So for instance, take those online poker rooms for example. You pay 100 $ and get 100 $ on your account, but that is of course "virtual" money, which you can change for real money any time. So if I would build a web (browser based) application which deals with that, how can I make it "safe enough", so no one can raise their virtual money in any way, or manipulate application parameters to get more money? Which is the way to do that? Which programming language can I use? What should I be careful about? Guide me in the right direction please.
Quote:Original post by CrashStar
What should I be careful about?


The Law:
- gambling regulations in the country where your company will be registered
- same for the country where you will be hosting your servers
- laws of countries of your players' place of residence

The taxes:
- again, company, hosting and player's country's tax regulations

Fraud prevention:
- Use of such online services for money laundering and tax evasion
- Credit card fraud

Unlike many other aspects, gambling and real money are covered by real world regulation, so get a lawyer.

After you clear all of those issues, you can start worrying about actually implementing such a system.

Quote:Guide me in the right direction please.


Hire a company that has developed similar systems, or is experienced in dealing with banking and financial applications. Seriously, as soon as you start handling real money, things get incredibly dirty.
I didn't say that I will develop a gambling application, but I said it would use a similar system of money handling only.
I think safety is more up to you than the language...PHP will do, or ASP if you love MS.

Also, you might want to look for other DBs than MySQL...PostgreSQL or Oracle.
The most important - and always applicable - rule for developing safe web applications is to assume that your server side code will be accessed by a client that is malicious and that you have no control over; because this is the case if someone is trying to hack your site.

So forget about the client side. It isn't secure because it can't be secure. The server side is where all your security must happen. Which language you use isn't important - it's possible to write insecure code in any language. What you need to do is to read up on, and understand, the different types of attack that are common - SQL injection, cross site scripting etc.
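
An added illustration of the reply above, not code from anyone in this thread: a server-side transfer routine for virtual-money balances that treats every request value as hostile, validates the amount itself, uses parameterized SQL, and makes the debit conditional inside one transaction. It uses Python's `sqlite3`; the table layout, account names and the `MAX_CENTS` ceiling are assumptions.

```python
import sqlite3
from decimal import Decimal, DecimalException

MAX_CENTS = 1_000_000_00  # assumed per-transfer ceiling (1,000,000.00)

def make_db():
    # Constructed sample data; balances are integer cents, never floats.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY,"
               " cents INTEGER NOT NULL CHECK (cents >= 0))")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 10000), ("bob", 500)])
    db.commit()
    return db

def parse_amount(raw):
    """Return a client-supplied amount as integer cents, or None if invalid."""
    try:
        value = Decimal(str(raw))
        if not value.is_finite():      # rejects NaN and Infinity
            return None
        cents = value * 100
    except DecimalException:           # unparsable text or overflow
        return None
    if not (1 <= cents <= MAX_CENTS) or cents != cents.to_integral_value():
        return None                    # zero, negative, too large, sub-cent
    return int(cents)

def balance(db, name):
    row = db.execute("SELECT cents FROM accounts WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None

def transfer(db, sender, recipient, raw_amount):
    """sender must come from the server-side session, not from the request."""
    cents = parse_amount(raw_amount)
    if cents is None or sender == recipient:
        return False
    try:
        with db:  # one transaction: commits on success, rolls back on error
            # Conditional debit: matches only if the stored balance covers it.
            debited = db.execute(
                "UPDATE accounts SET cents = cents - ? WHERE name = ? AND cents >= ?",
                (cents, sender, cents)).rowcount
            credited = db.execute(
                "UPDATE accounts SET cents = cents + ? WHERE name = ?",
                (cents, recipient)).rowcount
            if debited != 1 or credited != 1:
                raise ValueError("unknown account or insufficient funds")
    except (ValueError, sqlite3.Error):
        return False
    return True
```

The client never sends a balance, only a requested amount, and the stored balance changes only through the conditional `UPDATE`, so a tampered parameter can at worst cause a rejected request.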

This topic is closed to new replies.
