Hello,
We are starting a family business with no web development but some programming experience, we have taken on the enormous task of building a secure website for our online browser game which includes a php apache database (full of sensitive usernames passwords etc) that need to be kept secure. We are taking small card payments for registration to the full game. After months of hard work, the website and database works, and we are now looking at security/publishing options.
There seem to be so many options out there we need some good advice and don’t know who to turn to. Consider we are not rolling in money here and need to do this in a practical but secure way.
Our first task is to stop users from simply typing in the correct url link for the full game, and playing it without actually signing up. We thought this should be easy but apparently it is not.
We have heard from some sources that SESSION cookies is the standard way of doing this and would really appreciate some decent advice on whether it is secure enough for the purposes of our business (we would like to provide a reliable and secure service to lots of players).
From other sources we have heard that we absolutely need to set up the website on two servers, an internal server with all of the files we want to protect or be inaccessible via url, and an external or “gateway” server which includes the homepage and communicates with it. This option seems extremely complicated and we only want to undertake it if it’s absolutely necessary.
Considering the needs of our business, would you please be so kind as to help us choose the right option, or make us aware of any other more suitable options out there that we might not know about.
Many many thanks,
RichardTheFrog