Hopefully, you have decided to take the advice given in the previous chapter and not deal with credit card details yourself, leaving them instead for the specialist service providers who must comply with the Payment Card Industry (PCI) Data Security Standard. Doing this will not only make your security requirements a lot less stringent, but will also allow you to be more flexible in terms of the way you deal with customers and third parties.
Note
Having said this, we still need to make use of all the basic bits and pieces of software that go into making a secure site, so even if you are storing credit card information on your site, you will still find the information you need in this chapter.
So, where do we begin when we think about how to secure a site? Well, an analysis of all the potential vulnerabilities is a good beginning. You will also find that when it comes to security, it is all but impossible to predict all the security holes at once—don't feel...