Tips for going production for the first time

[Ligonsker]

Hello

 

I am preparing to upload my website to AWS and going online for the first time after a few months of online learning.

The website itself is not doing anything significant, but I just want to know how to work on a production website, and have good habits in production. Because I might want to add more features that require higher security such as credit card payments ( I will use PayPal API )

 

All the online courses don't mention anything that are needed to be done while you're really online and in production, where your website will actually live..

 

For example, I gathered some courage a few weeks ago after all these months of learning and went to a job interview about PHP development, and the interviewer asked me a few questions related to production which I had no idea about. For example MySQL database locking. Never heard of it in all the dozens of videos I've watched.

 

What are some key things I should go and learn now before making my website online?

The website is pure PHP with Bootstrap and JS, so I wrote everything. So it means more holes to be found in production that I want to fix.

 

Please help me with everything I need to know about production environment!

 

 

 

[shadow_ray]

15 hours ago, Ligonsker said:

the interviewer asked me a few questions related to production which I had no idea about. For example MySQL database locking

You mean transactions and concurrency control? That should work in your local environment as well, not just in production.

 

Imagine 2 users starting 2 queries at the same time. They both want the last apple in your web store. Without locks two transactions start at the same time, both of them going to read the record, subtract 1 from the "inStock" value and write back 0. Now you've just sold the same apple to 2 users.

More info about db properties: https://www.sqlservercentral.com/articles/concurrency-control-in-sql-server

 

15 hours ago, Ligonsker said:

What are some key things I should go and learn now before making my website online?

If you don't store sensitive user data the worst thing that could happen is someone brakes your site, or shares nasty stuff on it but most likely nobody's going to find it if you don't advertise it.

 

15 hours ago, Ligonsker said:

Please help me with everything I need to know about production environment!

Maybe deployment methods. Knowing how common vulnerabilities work can also help: SQL injection, XSS, CSRF ...

[Franck]

Specially if you are going to deal with money transaction for ethical reason you should be protecting the information entered by the user on a end to end encryption/ This is done with a SSL certificate. Watchout there are 2 type and couple versions.

 

first you have 2 SSL versions these just encrypt part of the data.

- SSL 2.0 but deprecated in 2011

- SSL 3.0 that was broken in 2004 (unlikely to see any provider sell that one)

 

and then you have the complete encrypted and up to date standard which is TLS there is 4 versions.

TLS encrypt the whole communication

- TLS 1.0 has a backward compatibility with SSL 3.0 (long time I haven't seen that version sold)

- TLS 1.1 last year Microsoft and Google put that version in the deprecated category.

- TLS 1.2 this is probably the most wide spread TLS version.

- TLS 1.3 is relatively new (like 2-3 years tops), I don't know much about it other than they change when the encryption starts in the chain and that they ditched MD5

 

For credit card info and stuff like that any company will suggest you any TLS first because all SSL are deprecated or broken and secondly because of the complete encryption.