Things to consider before launching a BIG website? - web

I’m about to launch a classifieds website like gumtree and OLX in South Africa…., but it’s not gonna be as big as Gumtree or OLX obviously. It’s going to operate in one province…planning to expand it over time.
The site works like a charm on my local machine, but I’m concerned coz I’ve never launched a big website before. Plus, I just graduated from University this year – no work experience. But I’m positive that if Facebook and Twitter were built by students, I too can build my own thing and run it successfully.
Are there any key issues to take into consideration before launching a big website ?

There is probably more to consider but I here are a few
Hire a lawyer and get a terms and conditions for your site with proper legality. You dont want to short yourself on this.
Get a decent backup and restore solution that you test and make sure that it works. Remember if you have paying clients with your site there will be implications for down time.
Get a security certificate https://
Know what you paying with your hosting solution. If your traffic does spike you could be in for a very large bill that you cant afford. And if you dont have scaling your site might run really slow. So get to know your hosting solution really well.
Good luck

Related

What vulnerabilities are there in a custom react-based e-commerce website and why should I just use Shopify?

I have been programming a small e-commerce platform to sell jewelry.
Initially I wanted to make it web3 compatible ( accept meta mask payments ) and given that I work as a dev I wanted to take the DIY approach as opposed to platforms like Shopify specifically.
Now that I’m getting closer to finishing the website , I contemplate to myself - should I just switch to using Shopify instead ? My contemplation stems from unknown vulnerabilities that I am anticipate ..
My site uses Stripesnd paypal for payments. I don’t save any other data besides order info and shipping address .
Is there any underlying vulnerabilities that Shopify takes care of that I’m not thinking of ?
It seems simple enough to take payments on a site but I have a feeling I am not thinking about some major implications of not using a platform like Shopify .
On one hand I’d really like to use my own website given all the time I’ve spent making it ( also like my front end design better than any template I’ve seen ) so this post is for people to give me their perspective on both pros and cons so I can decide whether I just neeed to dump my work and start over with Shopify or continue on the way forward with DIY coming out as hero ;)
Thanks In advance fam
It is perfectly possible to make your own website and make it secure enough, somebody made Shopify too after all. :) It is also easily possible to leave vulnerabilies in your code that then get exploited. The problem is that if you don't have a good grasp of what you should have even looked at, it will be quite challenging to actually get it right.
You should be aware of potential code level vulnerabilities, and use secure coding and architecture principles to structure and code your website. OWASP is a great resource that helps with learning about those. Higher level principles include things like least privilege, segregation of duties, defense in depth, minimizing attack surface, secure defaults, failing securely and so on. Actual code level vulnerabilities include things like SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), tampering with parameters, session management errors, authentication or authorization errors and so on, there is a lot of these. And your 3rd party libraries that you included can (and will) also have some of these, how will you discover that, and will you have the capacity to keep up with latest versions?
When hosting your own service (even in an IaaS cloud environment like AWS EC2), that brings its own challenges in terms of security too - you need to care about the ops side of security as well. Things like would you even notice if there's an attack? Would you know what to do if a customer called with their money spent on things they didn't buy? Would you have forensic evidence to prove if they are actually lying? :)
You can use tools to scan for some of these vulnerabilities, but that will never be comprehensive - actually, nothing will. Automated tools are very useful, but will miss a lot of things. You can also buy penetration testing services, some of those are really good (and some not), they will find vulnerabilities the same way attackers would - but those are quite expensive.
However, having said all this, the most important thing is to keep your defenses proportionate to the risk. This basically means you don't want to spend more on securing your website than the maximum amount you may lose in case of a compromise. Outsourcing payments to Stripe or Paypal is a great start, because if you have the integration correctly set up, you likely already limited the maximum possible loss quite a bit.
So should you code an ecommerce website yourself, and sell stuff? In the light of the above, it's very opinionated, but I think why not, just consider the above, manage your risks, learn about potential vulnerabilities, mitigate them the best you can, and prepare for things to go wrong. In the end, it's probably cheaper to just use a ready-made service, though a lot less fun. :)
I would say, you should... and you can use any SaaS eCommerce platform: Shopify or BigCommerce or Snipkart without giving up your DIY custom features, because those platforms can be used as a headless eCommerce platform.
This way you don't have risks around managing backend and data (platform will do this, and not loosing the custom features and fine-tuned customer experience you implemented yourself)

How to affordably release a webapp for my job company

First of all, I'm not really sure if this question goes here in stackoverflow or if I should ask it on another place. Please if that's the case, indicate me in the right way :)
So, for context, this is an app that I was asked to develop for my job. At first I thought in doing a webapp and host it inside the company servers and domain (intranet), but it isn't possible due to external issues that I can't control.
Is there another way to achieve this? The app must have a database and should be accessible for a bunch of users at the same time.
Of course we want to spend the least amount of money possible to make this happen. Also, using a workstation of our own to host everything is not possible either.
Edit: I didn't finish developing, but for now I'm developing it in Python Flask.
The number of users is small really, just up to five people.
OK - I guess a lot of what you'll get in response to this is your definition is too vague. Things such as scale, number of users, programming languages used to create the web app etc are important when talking about hosting.
However, for me, there are three very good options out there for free hosting, up to a certain amount of traffic.
1.) Heroku - Heroku.com
A world known web hosting platform. You can publish code through GitHub, and it has some extensive coverage for different types of web apps. Definitely worth a look.
2.) Netlify - netlify.com
Similar to Heroku, but used by some major companies. Allows you to host for free to a point, and is relatively simple to get started with.
3.) Vercel - vercel.com
A bit more technical in my opinion - but again, very similar to the above two and has a free tier.
All three are great options, and I'd recommend looking into them in more detail to see what option is best for you. Can't go wrong with any of them.
I had a similar problem: A Python-Flask-SQLite app for me and my office pals to use together.
The solution was creating one .exe file with pyinstaller, hosting this and the database files in a network drive (one that everyone that will use the app has access). As everybody (~10 people) sees the same db, things works fine!

Things to keep in mind while architecting high volume traffic centered web site

I have this question. If I am designing a web site which is expected to have high-traffic, then what are the things I should keep in mind?
Thanks
Be careful about your database management.
Build your database tables, and links between tables keeping in mind that you do not want to search / load useless things.
Once the site is working, I would optimise it as much as possible. Tools like YSlow or WebPageTest make it easy to analyse a page and pinpoint bottlenecks and places for improvements.
Also for a high volume site, I think that you definitely want to use a content delivery network. There are lots of options, including Amazon CloudFront and CloudFlare. Using a CDN will reduce the load on your server by 60-80%, it will make the site faster and it will cost you hardly anything.
Unless there is a specific reason why it's not a good fit for your site, you can't go wrong!
Good luck!

Intranet planning / what do i need

Ok so ive been tasked with doing "research" on building an intranet for a potential new client for my company and they want some kind of answer by Monday (like any company, they REALLY want this project).
That said, ive been doing "Reasearch" and have so many tabs/windows open that im going nuts and getting lost since my research doesn't have direction...taking in too much and need assistance.
i have 2 questions after a brief explanation.
Essentially, From my understanding, an Intranet is...well in plain
terms, a website that is offline? has a deeper framework because of
the documents that will be available(i think its for a school)and the
ppl who can access them but can also have access to the internet?
Since its for a school(not sure if its mainly for teachers or teachers
and students ) im assuming alot of documents either way.
aside form being private, throughout my research, ive read alot about file security, firewalls, and...and.. im starting to get overwhelmed.
Me myself, am a web designer/so-so developer. decent knowledge of js/jquery and php/mysql though i feel like im just getting started in the web-developer part. Good knowledge of standards HTML/css, designer tools etc...
That said, these are my questions.
1.What is actually involved in planning to create this? What tools( read CMS if possible ) can i use to create any of this. Like to make this happen what do i actually need, and need to know? what direction should i take. If you can direct me and help me close some of these 30+ links spread across my 3 monitors id owe ya lol.
i can build many things and dont mind giving it a HARD go but, this seems like a HUGE project and, im SURE that if my company takes this job, id be put on it. now i can do some of the parts of this project but not 100% sure im the right person for this. Theyre counting on me for a yes/no answer as to whether i can do it (they know its big and itll take time to accomplish) but so...with my skills posted above, am i the right person to do this? or is this more akin to an ACTUAL tried and true developer?
Thank you for your time and, any tips/links/cms info/ i mean ANYTHING that would make this easier PLEASE dont hesitate to share. i dont mind doing the research but i need direction.
i dont want to tell them "YES i can do it" and in a month or two im on pause stuck and the yes turns into a "no i cant do it"
If you have no experience in setting up networks, then you are probably not the man for the job (unless your client is willing to let you have a shot at it for the experience, on a no-win, no-fee basis). Certainly do not over-promise and under-deliver!
I deal with quite a lot of schools, and I know many of the smaller ones will use the secretary's computer as a server, with a simple Windows home network to place files in a shared directory. Its a cheap and cheerful alternative, within their own skillsets to manage.
You should also check with the govermental department with relevant oversight (Dept. of Education, I'd imagine) to see what guidlines, requirements, and grants, are available or required. There may be a specific recommended route to take here, with made to measure firewall protection provided to you.
Larger schools will have invested in proper servers, with automatic external backups in place. I'm not qualified to give advice on how to set those up however. Hopefully someone else here will :)
Best of luck!
CMS may be included as a Intranet website, but Intranet includes much more than CMS. Your best stragetic is tell your boss find a network system integrator to do this project collaboratively. Intranet involves more networking technology (L2, L3, switching, routing, firewall, wireless, etc etc) and physical instrument (ex. cabling).

hardware infrastructure for public web application

I'd like to start a free budget/personal finance site and will need plenty of horsepower and storage. I'm definitely a nubee, so how does one get started in terms of hardware infrastructure? Do I need to get a dedicated IP from my ISP and obtain my own servers? Do I go with amazon or Sql Server Data Services/Azure or something like that? Is the latter services free or a discount offering available to non-profit/free services such as the budget/personal finance site I'm looking to start?
If you don't mind writing your web application in python, then I's suggest using Google App Engine. See: What Is Google App Engine?
What I like to do when I have new ideas for a site is to find an inexpensive hosting solution ($10 per month). This allows me to test the idea and see if the site is going to be successful. If it is a flop, I haven't wasted much money and if it is successful I can upgrade to better hosting (dedicated server).
There are many hosting options available and several of them have great tools such as an online SQL Server management studio. Your other option would be to host it yourself if you are prepared to deal with firewall issues, backups, storage, etc.
Whether it is feasible to DIY varies a lot by country...if you have a decent broadband connection with a fixed IP this can be the cheapest route to play around with first, especially if you need an awful lot of storage.
Note however that many fast broadband connections are only fast for downloads - when you're running a server, the speed your users will see is the upload speed, which is usually a lot less. Also, you'll need to do your own admin and backup etc.
Apart from this most hosting options have a price tag on top, varying from virtual hosts (sharing a real machine), to colocation (your machine in somebody's data center), to cloud services like amazon et al (which have a good scaling ability)- and you will need to shop around for the software stack and hardware features you really need.
There's really two ways to answer this question, what differentiates them is budget.
One is to properly design this solution, prototype it, benchmark the prototype, extrapolate anticipated user load, add overhead and scale accordingly. This takes time, costs but gives you a supportable solution that serves your customers well.
The other is to just give something, anything a go and fix the problems as they come along. This is quicker and cheaper but might be a headache for a while and might p*** off your customers.
Basically it comes down to budget.
Best of luck.

Resources