Hello everyone, I am getting started on a project on PHP that requires very very high levels of security. I cannot give you exact details but the basics is that it deals with credit cards. I want some advice and tips from experts on the following The server will be Red Hat Linux 7.3 1) The site will have to take very high traffic and possibly thousands of transactions per hour -> Which is the best free db to use (I am guessing MySQL) -> Which is the best paid database (Other than MySQL) 2) I store the db password and login info in a database.inc.php file. Is there any way I can prevent a person from getting the db pass even after he gets this file? 3) Does anyone know a book that focuses of writing secure code. 4)What about Zend source safe. Is that recommended. How exactly does it work and what exactly does this do. Will it help to keep my database.inc.php file safe? 5)How do I know the code that I am writing and my server is safe. Are there any services out there that would help me evaluate this.
Although this is a high profile project, our budget is super small and A LOT depends on this project taking off within a small budget, but at the same time don't want to compromise on security. I have tons of other questions going through my mind. I think I should just go and buy a book or something. Any suggestions? I will also be securing the Linux server so any book on this topic also would help (I am sure they are a couple of good books ). - Sid
